Engaging Your Stakeholders in Your Security Awareness Training Program
To ensure that your organization gets the most value out of your program, your stakeholders should understand the benefits, goals, and structure of your security awareness training plan.
As a best practice, we recommend sending an email out to any of your stakeholders, such as C-level employees and your Director of IT. This email should be sent before you send out your initial organization-wide baseline phishing test to ensure that your stakeholders are prepared for any questions that users might have once the baseline assessment begins.
Below we have provided you with a sample email that you can use as a template for composing your own email. Be sure to review and change the example text in brackets to align with your unique security awareness training plan.
As you all know, raising security awareness is important to the safety of our organization.
I am excited to announce that we have partnered with KnowBe4. KnowBe4 is the world’s leading Security Awareness Training organization. Their state-of-the-art platform includes security awareness training and simulated phishing attacks that will help us create a “human firewall” by training our employees on how to spot and report malicious emails.
We will begin by sending out a simulated phishing email to determine how likely our employees are to fall for a phishing attack. Next, I will schedule [organization-wide] training and [bi-weekly] phishing tests for all employees. [We will then tell our employees the best method for reporting these simulated phishing emails.]
Next, we will assign our employees security awareness training. To get started, everyone will take the [45-minute General Security Course]. [Then, certain departments will also be assigned training courses based on their job role.] The training is engaging and does not need to be completed in one sitting.
Our end goal is to increase security awareness and decrease the number of clicks on malicious emails.
I am excited to have this new security awareness program in place and I welcome any questions or concerns.
For more information on our best practices for security awareness training, please see our Best Practices Guide.