Building for long-term success
David Vacuda, Director of Information Technology at Specialty Steel Works, has been steadily improving his approach to security awareness training for years. “When we first started, we would deliver 15-20 minutes of training at a time, and we used to get a lot of pushback,” explained Vacuda. “Since switching to a shorter course of materials, we have received a lot more positive feedback.”
However, employee satisfaction isn’t the only thing on Vacuda’s mind. “Things changed when the pandemic started, and office personnel started working from home. We aligned our courses with specific topics focused around remote working, Wi-Fi hotspots and other relevant topics.”
Anybody that has an email address has to take this training. And if upper management can do it, they feel anybody else can do it too.
C-level support sparks paramount success
While the need for a stronger security awareness program was obvious, Vacuda knew its success relied upon buy-in from upper management. “IT can yell and scream all they want about the importance of employee training,” said Vacuda, “But when you get upper management involved, people immediately start to listen.”
With Infosec IQ, Vacuda and his team can deliver bite-sized training videos that fit into everyone’s schedule, allowing C-level executives to participate and set an example. “Anybody that has an email address has to take this training. So upper management is well aware of what employees are being trained on.” Vacuda explains. “And if upper management can do it, they feel anybody else can do it too.”
By requiring commitment from all employees, Specialty Steel Works has been able to lower phishing rates and boost program participation to 100%. The big-picture result is an entire workforce that’s engaged and invested in the security of their company –– and their own personal security.
Reducing risk, raising healthy skepticism for life
While the quantitative data proves just how effective their program is, anecdotal evidence shows its long-lasting impact. “We have had employees reach out to IT and acknowledge how much the training has helped and made them more aware of potential threats to both the business as well as in their personal lives,” says Vacuda.
“I’ve had employees tell me, ‘I ran into something suspicious online at home. From the training, I was able to pick out some things that didn’t look right.’”
For Vacuda, keeping the organization secure is priority number one, but the added peace of mind doesn’t hurt. “It makes you feel good that you’ve put something in place that has actually impacted somebody in their personal life, not just in their business life.”
How to sharpen security awareness at your organization
While it’s no secret that new initiatives are often met with hesitation, Vacuda encourages everyone to push past the resistance and get support from your executive team.
“When you try to implement something that’s going to affect everyone, you are obviously going to get pushback because it’s something new and it might not feel like it’s worth it,” Vacuda explains. “But when you show people how valuable and easy the training is, everything falls into place.”
Specialty Steel Works is an Impact Award finalist in the 2021 Infosec Inspire Security Awareness Awards. The Impact Award celebrates success stories from our most innovative and inspiring clients and partners. Award-winning success stories detail high-impact, innovative security awareness and training initiatives that empower employees and motivate effective security habits.