5 Tactics to Improve Security Training Compliance – MTI America




National Computer Security Day raises awareness about cyber security issues. It also helps people maintain online security. As the Director of IT at MTI America, Randy Lay is tasked with raising security awareness throughout the year. These efforts include mandatory security training to comply with SOC 2 requirements. In this article, we’ll share some tactics he uses to secure 100% compliance.

    1. Vendor Selection: Pick a vendor that vibes well with your organization’s culture and operational needs. From the method of delivery to the support for marketing the training, find the vendor that suits your needs. We used KnowBe4 most recently because it offers a virtual library of interactive trainings that can be distributed and tracked through completion. They also support us by providing marketing materials and services, including scheduled phishing simulations and organizational security statistics with industry comparison charts.
    2. Employee Awareness: Design and build a space on your company’s intranet (aka portal, internal website, SharePoint, etc.) that explains the purpose of the training, requirements, expectations, etc. Consider swapping out the homepage banner or adding it to the rotation.
    3. Secure Management Buy-In: Be sure to provide your management team with the rationale behind the training and the importance of securing 100% compliance (SOC 2 Compliance!). Send an email, add it to the agenda of your next management meeting, and/or share the internal portal page as a ‘sneak preview’ with all people managers before sending it to your entire organization. If possible, allow people managers to take the training first to vet out any issues.
    4. Encourage Compliance with Public Praise: Make a big deal out of securing the 100%. If you are in an office, consider getting a large dry-erase vinyl decal. You can usually pick these up for less than fifty dollars. If there is a lot of telecommuting, add a section with compliance updates to your company newsletters or add a virtual thermometer to your intranet homepage.
    5. Remind and Thank: It sounds obvious enough to remind people to take the required security training, but a simple thank you goes a long way. Consider sending a message thanking the people who completed the training and listing them by name, if possible. If they aren’t on the list, they know they need to take the training.