Americans love their football. From high school football to the NCAA and the NFL, we follow the sport like no other.
On the surface it might not appear that football and security awareness training have anything in common. However, upon further reflection, I’ve noticed that many of the strategies employed by your security team, and those of your favorite football team, revolve around a number of the same practices in order to achieve success.
In football, the difference between success and failure is often dictated well in advance of the opening kickoff. Inevitably, it’s based in good part upon how a team approaches their training regimen. What if the coaching staff decided that over the summer months they weren’t going to hold practice? What if they decided they weren’t going to set up any training programs? You’d think that the coaches were out of their minds. How could a team be successful without training?
Do you see where I’m going here?
The same can be said of security training. According to Verizon’s 2015 Data Breach Investigations Report, which analyzes security incidents that happened last year, humans were again the weak link that led to many of the compromises suffered by organizations around the world. While also their greatest asset, organization’s employees are the weakest link.
Just like a football team, organizations need to provide full training programs to each and every one of their employees on all aspects of information security. Without training, the organizations will leave themselves vulnerable to any number of security breaches. How are you expected to win the Super Bowl, or in your business, be successful in preventing a security breach, if your team hasn’t had adequate training? Oftentimes it is simply better employee awareness that is the key to the prevention of security incidents.
So let’s talk specific training regimes. In football, players have to prepare for a number of situations: a punt return, a blitz, or the question that the defense faces on every play, will we be facing a passing play or a running play. It takes specific training to be prepared. The same goes for your organization’s security awareness training program. Employees face a number of “plays” every day and they must be prepared, from identifying phishing attacks, to creating passwords, using mobile devices, and detecting social engineering attacks.
It’s Super Bowl Sunday. Your ball fourth and goal. Two seconds left in the game. Your team is down by four. And, just like the head coach trying to get his team in the end zone for the winning score, will you have prepared your employees to know what to do so they can execute when it is crunch-time, or will they fall short? In security, as in football, preparation in the form of a security awareness program that is effective at helping employees be prepared is key. Interactive, highly engaging training that teaches critical security skills in an easy-to-understand, fun format will drive real behavior change. In the end, this training will separate the winners from the losers, and help you raise the Vince Lombardi Trophy in security victory.