Listen to article

0:00 0:00


Cybersecurity experts say human error is the biggest risk in protecting digital information. This is a common concern across companies, with most data breaches generally linked to human mistakes. However, with the right training, this weakness can be turned into a strong defense.

Kyndryl has made protecting sensitive data a collective responsibility, engaging all employees in an interactive training program. This not only strengthens the company's cyber resilience but also adds an element of fun to learning about cybersecurity.

By providing thorough cybersecurity training like Kyndryl’s, employees can learn to spot signs of cyberattacks. This can help empower them to protect the company’s most important digital information.

Here are five common cyber education mistakes — and ways to improve your organization’s training:

 

 
1. Programs are not customized to your company

Standard, out-of-the-box cyber education programs often fail to address a company’s specific needs. Tailoring the program to fit your business and your people is crucial for effective learning and retention. Kyndryl’s cyber education is tailored to the company’s unique culture and the real challenges employees face, such as CEO impersonations or targeted phishing simulations. “Customization is key to engaging employees and making the content relevant to their daily activities,” said Cory Musselman, Kyndryl’s Chief Information Security Officer.

 

2. Cyber training isn’t fun

Let’s face it: nobody enjoys sitting through hours of monotonous slides. Musselman believes that turning learning into an exciting journey with interactive modules and real situations can revolutionize the training experience. Kyndryl’s cybersecurity training incorporates gamification for better engagement, featuring immersive labs where employees navigate through a “choose your own adventure” style scenario, making decisions and witnessing the consequences firsthand.

 

 
3. Training is held annually

Cyber threats evolve rapidly, and so should your training program. Rather than a once-a-year event, cyber education should be a year-round effort that allows employees to learn at their own pace. Such an approach not only keeps the information current but also fosters a culture of continuous learning. 

For its part, Kyndryl offers many cyber learning opportunities throughout the year in different formats, helping employees stay informed about emerging cyber threats. This flexibility also allows employees to engage in smaller, regular educational activities, which can be an alternative to the comprehensive annual cybersecurity training.

 

Customization is key to engaging employees and making the content relevant to their daily activities.

Cory Musselman

Chief Information Security Officer

4. Don’t make training so basic

A one-size-fits-all approach rarely works, especially for cyber education. A tiered training system designed for different skill levels, from beginners to advanced users, can make the training more relevant and engaging for all employees. Kyndryl offers two levels of cyber education, with employees able to select more advanced training, which presents them with complex scenarios to further develop their cybersecurity skills.

 


5. It can feel overwhelming or impersonal

Cybersecurity can seem overwhelming, but the key is to make it relatable and relevant. Simplifying complex ideas and scary tactics can empower employees to learn confidently. “Break down the barriers to learning by simplifying concepts and relating them to everyday tasks,” said Musselman. 

Kyndryl’s monthly Cyber J’s series, hosted by cybersecurity experts Jeff and John, takes this approach to heart. They use pop culture references, props and showmanship to make cyber education entertaining and accessible. Whether they’re donning fly fishing gear to discuss phishing or channeling the Swedish Chef to "cook up compliance,” the J’s unique style not only educates but also engages employees in cybersecurity in a fun and memorable way.

 

 
Kyndryl has launched an interactive Cybersecurity Education course. Designed and developed by Kyndryl’s Cybersecurity Information Office, this course uses games and quizzes to create an engaging and meaningful learning experience that helps raise awareness of the risks and hazards in the digital world and offers insights into how to build cyber resilience in our communities. 

 


In recognition of Cybersecurity Awareness Month, this is the first installment of a series in October that highlights how organizations can go from risk to resilience.