Security and resiliency

5 mistakes companies make with cyber education programs — and how to correct them

Article 1/10/2024 Read time: 1 min

Listen to article

0:00 0:00


Cybersecurity experts say human error is the biggest risk in protecting digital information. This is a common concern across companies, with most data breaches generally linked to human mistakes. However, with the right training, this weakness can be turned into a strong defense.

Kyndryl has made protecting sensitive data a collective responsibility, engaging all employees in an interactive training program. This not only strengthens the company's cyber resilience but also adds an element of fun to learning about cybersecurity.

By providing thorough cybersecurity training like Kyndryl’s, employees can learn to spot signs of cyberattacks. This can help empower them to protect the company’s most important digital information.

Here are five common cyber education mistakes — and ways to improve your organization’s training:

 

 
1. Programs are not customized to your company

Standard, out-of-the-box cyber education programs often fail to address a company’s specific needs. Tailoring the program to fit your business and your people is crucial for effective learning and retention. Kyndryl’s cyber education is tailored to the company’s unique culture and the real challenges employees face, such as CEO impersonations or targeted phishing simulations. “Customization is key to engaging employees and making the content relevant to their daily activities,” said Cory Musselman, Kyndryl’s Chief Information Security Officer.

 

2. Cyber training isn’t fun

Let’s face it: nobody enjoys sitting through hours of monotonous slides. Musselman believes that turning learning into an exciting journey with interactive modules and real situations can revolutionize the training experience. Kyndryl’s cybersecurity training incorporates gamification for better engagement, featuring immersive labs where employees navigate through a “choose your own adventure” style scenario, making decisions and witnessing the consequences firsthand.

 

 
3. Training is held annually

Cyber threats evolve rapidly, and so should your training program. Rather than a once-a-year event, cyber education should be a year-round effort that allows employees to learn at their own pace. Such an approach not only keeps the information current but also fosters a culture of continuous learning. 

For its part, Kyndryl offers many cyber learning opportunities throughout the year in different formats, helping employees stay informed about emerging cyber threats. This flexibility also allows employees to engage in smaller, regular educational activities, which can be an alternative to the comprehensive annual cybersecurity training.

 

Customization is key to engaging employees and making the content relevant to their daily activities.

Cory Musselman

Chief Information Security Officer

4. Don’t make training so basic

A one-size-fits-all approach rarely works, especially for cyber education. A tiered training system designed for different skill levels, from beginners to advanced users, can make the training more relevant and engaging for all employees. Kyndryl offers two levels of cyber education, with employees able to select more advanced training, which presents them with complex scenarios to further develop their cybersecurity skills.

 


5. It can feel overwhelming or impersonal

Cybersecurity can seem overwhelming, but the key is to make it relatable and relevant. Simplifying complex ideas and scary tactics can empower employees to learn confidently. “Break down the barriers to learning by simplifying concepts and relating them to everyday tasks,” said Musselman. 

Kyndryl’s monthly Cyber J’s series, hosted by cybersecurity experts Jeff and John, takes this approach to heart. They use pop culture references, props and showmanship to make cyber education entertaining and accessible. Whether they’re donning fly fishing gear to discuss phishing or channeling the Swedish Chef to "cook up compliance,” the J’s unique style not only educates but also engages employees in cybersecurity in a fun and memorable way.

 

 
Kyndryl has launched an interactive Cybersecurity Education course. Designed and developed by Kyndryl’s Cybersecurity Information Office, this course uses games and quizzes to create an engaging and meaningful learning experience that helps raise awareness of the risks and hazards in the digital world and offers insights into how to build cyber resilience in our communities. 

 
Start the course


In recognition of Cybersecurity Awareness Month, this is the first installment of a series in October that highlights how organizations can go from risk to resilience.
 

Topics
Security and resiliency

Recommended Content

Senior Computer Science Engineer Looking at Big Screen Display Showing Global Map with Data Points. Telecommunications Technology Company System Control and Monitoring Room with Servers.
Security and resiliency

Kyndryl named top 5 cyber resilience services market share leader

Press Release 10/10/2024
Concentrated men and women are reading information on election ballots before casting their votes
Security and resiliency

How to safeguard election integrity in an age of cyber threats

Article 9/10/2024
Engineers Meeting in Technology Research Laboratory: Engineers, Scientists and Developers Gathered Around Illuminated Conference Table, Talking and Finding Solution, Inspecting and Analysing Industrial Engine Design.
Security and resiliency

Kyndryl collaborates with University of Waterloo’s Cybersecurity and Privacy Institute

Press Release 24/09/2024