Engaging Your Stakeholders in Your Security Awareness Training Program
In order to ensure that your organization gets the most value out of any program, it is crucial to have buy-in from your stakeholders.
We recommend sending this email out to any stakeholders (C-level employees, Director of IT, etc.) before you send out your initial employee-wide baseline phishing test. That way, any questions can be answered and your stakeholders will be readily prepared for any employee questions that arise once the baseline assessment is administered.
Be sure to review the example text in brackets prior to sending to ensure the content matches your unique security awareness training plan.
As you all know, raising security awareness is important to the safety of our organization.
I am excited to announce that we have partnered with KnowBe4. KnowBe4 is the world’s leading Security Awareness Training organization. They will help us create a “human firewall” which can protect us against malicious emails. This state-of-the-art program consists of both a training campaign and simulated phishing attacks.
We will begin by sending out a simulated phishing email to determine how at risk we are to phishing attacks. Next, I will schedule [employee-wide] training and [bi-weekly] phishing tests for all employees. [We will then tell employees the best method to report these simulated phishing emails.]
There are various courses on security topics that our organization can assign. To get started, everyone will take the [45-minute General Security Course]. [Then, certain departments will also be assigned training courses based on their job.] The training is engaging and does not need to be completed in one sitting.
Our end goal is to increase security awareness and decrease the number of clicks on malicious emails.
I am excited to have this new program in place and I welcome any questions or concerns.