Yet another e-learning that people mindlessly click through? A phishing campaign with questionable results? Promoting awareness gives security officers headaches: how do you create urgency without being alarmist?
The challenge
That human error is responsible for most hacks is now so well known that it is almost a cliché. Yet regular awareness campaigns and training courses seem unable to change this.
Perhaps that isn't so suprising. After all, if these initiatives share anything in common, it's that they are 1. generic and 2. discuss hypothetical risks. Consequently, the message only resonates with your colleagues to a limited extent.
Relevant lessons
Based on dark web information, you don't have to share generic lessons with your colleagues, but can take them through their own specific dark web exposure: what data has actually been leaked from an employee, and how can the employee improve? The lessons about, for instance, passwords or the careful use of external services that follow are much better received because they truly apply to them.
Regarding real leaks
A big difference from hypothetical training is that the information about dark web leaks and threats is all real. Not abstract information about hypothetical risks, but concrete consequences of leaks and threats that have occurred. That creates urgency.
In an appropriate tone
Are dark web leaks dangerous? Sometimes, but not always. Nonetheless, there are lessons to be gleaned. That's precisely why it's important to communicate with your colleagues about this in a constructive manner. Not alarmist, like "Don't ever do this again!", but calmly: "Some of your data has been leaked on the dark web, which could be misused. Here, I share some insights on how to prevent this and how to recognize such attacks."
Retake the information-advantage
Begin the process of mapping your dark web exposure by completing this contact form today.
Contact us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
