Tech & Innovation in Healthcare

Technology & Innovation:

Solidify Best Practices Through Regular Cybersecurity Training

Question: Some staff in our practice think that ongoing cybersecurity training is less beneficial and more time-consuming than once-a-year training. Which approach is better for ensuring optimal compliance?

Kentucky Subscriber

Answer: While each approach has its benefits, having regular cybersecurity training throughout the year can help keep the information fresh in your employees’ minds. These training sessions don’t need to be full sit-down sessions where an IT professional lectures the staff while slides play behind them.

For example, deploying white hat phishing tests offers real-world situations that employees may encounter in their daily duties. In a white hat phishing test, the IT team sends a fake email designed to look like a phishing scam to a random selection of employees or to the entire practice. If the employee reports the email as phishing, they pass. However, if the employee clicks the link or an attachment in the email, they will receive a message informing them of the phishing test results.

Adults are likely to learn more by making mistakes, and a 5-minute white hat phishing test multiple times a year can provide a better educational experience than going over cybersecurity best practices for one hour every 365 days.

Mike Shaughnessy, BA, CPC, Production Editor, AAPC