Cybersecurity summits and tools to improve training
Anytime an MSP can expose its engineers and technicians to free training and education, it’s an opportunity that shouldn’t be passed up. One such opportunity is the upcoming “5th Annual Cybersecurity Summit” hosted by CISA and Morehouse College in Atlanta. The free summit will be held on October 5 and coincides with Cybersecurity Awareness Month, which is in October. Attendance can be in-person or virtual.
“I highly recommend it,” says Don Lasko, a cybersecurity consultant in Indianapolis. “What the event does is strips cybersecurity of a lot of its mystery and puts the focus where it needs to be, which is on people.”
He adds, “With all the new software, hardware, AI, and algorithms, the real focus of cybersecurity should still be on the cheapest and most widely available element, and that is people. Without informed stakeholders, none of the other things matter, and I found this summit to be invaluable in putting the focus back on people.”
MSPs that send their employees to the event, either virtually or in person, will come away with that renewed sense of purpose. “They will come away with the absolute latest government insights into the newest cybersecurity issues,” Lasko emphasizes. More information and details on how to register are available here.
Meanwhile, Lasko advises on some things MSPs can do to improve cybersecurity training without attending the summit. Here are some of his most helpful hints:
Use Laymen’s Terms
Cybersecurity is its own language, and it’s a language that most people don’t speak fluently. As an IT person, you probably know about polymorphic malware, spear phishing, AI, IoT, SSaS, DDoS, and so on. “But to the average person you might as well be teaching hieroglyphics when you use these terms,” Lasko explains. Instead, he recommends speaking in easy-to-understand analogies and stories.
“Having a weak password is like leaving your front door unlocked with a pile of diamonds sitting on your dining room table,” Lasko says. “Now everyone can understand that.”
Get to the Point
Most people have short attention spans, especially on something like cybersecurity. They are busy and have other work piling up, emails to return, and reports to write. “People will begin to tune quickly and you can accomplish a lot in short 30-minute `power training sessions’ rather than bogging people down in a 3-hour course,” Lasko suggests.
Studies have found that the average adult attention span is around 20 20 minutes. “Whatever length you choose, you need to make sure you emphasize the most pertinent points in the first 10 minutes of the training and then in the final five minutes as you wrap it up, go through those points one final time,” Lasko advises.
Make it Accessible
Often the office’s IT staff, or MSP might seem distant or a hassle to reach. So, make sure it is easy for them to engage. “I know of one company that had a reporting policy in place for cyber-incidents, but it involved filling out a form in triplicate, scanning it into a PDF file, and emailing it to the MSP,” recalls Lasko. “That was cumbersome and unwieldy, and few people reported anything because they didn’t want to take 20 minutes of their time to do it.”
Instead, designate a person in the office to be the “IT person” to report incidents to or have a Slack channel to report IT trouble. “Make it effortless, and people will do it,” Lasko says.
Treat Everyone as a Stakeholder
One of the biggest problems with training is people aren’t often connected to the process. Cybersecurity training is a chance to make a connection, Lasko says.
“People need to see how a ransomware attack, for instance, will impact them, whether that is the company having to close down, whether there are enough losses to make bonuses unpayable, or other perks gone,” explains Lasko. “That usually gets people’s attention fast.”
But another great training tool is to send employees off to training. Free events like the CISA cybersecurity summit are invaluable. In addition to the CISA summit, here are a couple of others to consider:
Wisconsin Governor’s Cybersecurity Conference
Registration is now open for the 2022 Wisconsin Governor’s Cybersecurity Summit, being held Oct. 23-25 at the Wilderness Resort – Glacier Canyon Conference Center in Wisconsin Dells. This annual summit brings together national cybersecurity experts, government and academic leaders, and the business community to build relationships while sharing knowledge and experience. Click here for more details.
Billington Cybersecurity Summit
The 13th annual event took place earlier this month and brought together the world’s leading government summit on cybersecurity continues its unique educational mission of convening the who’s who in cybersecurity. The 2022 keynote speaker was CIA Director William Burns. Learn more about the Billington Cybersecurity Summit here.
Photo: NicoElNino / Shutterstock