How To Create Better Cyber Security Training For Managers And Your C-Suite
Michael Hansen
By now, everyone understands the importance of cybersecurity. Seems you can’t swing a wireless router without hitting an article on two-factor authentication and cybersecurity for beginners. It’s true that this valuable information can protect the human attack surface that hackers are so fond of targeting. But what about your C-suite? Cyber security training for managers is not emphasized as much, and it should be. After all, who is the face of the attack when a data breach comes to light, the accounting team or the company CEO? Turns out, management security training means more than just changing your password, and it can affect the success (or failure) of your company. Here's what you need to know.
Why is cyber security training for managers so important?
All employees need comprehensive cybersecurity training to protect your company's and customers' information, but even the most tech-savvy and successful business people slip up.
The latest in a long line of hacked CEOs is Jeff Bezos, CEO of Amazon and owner of The Washington Post. In March 2019, Saudi hackers obtained access to his phone and leaked personal information on an extramarital relationship that resulted in a divorce filing.
Bezos’s experience is highly personal, but other executives face attacks that are impersonal but no less serious.
Hackers are getting more sophisticated in the way they access personal accounts, a development that could lead directly to access to business accounts. Jack Dorsey, Twitter and Square CEO; Dick Costolo and Evan Williams, ex-Twitter CEOs; and Biz Stone, Twitter co-founder, found themselves in an awkward position when the technology leaders became victims of hacking through their Pinterest and Foursquare accounts. These particular hacks exposed weaknesses in Twitter’s own servers that company executives previously denied existed.
In related hacks, so-called “white hat” hackers also got into the profiles of Google CEO Sundar Pichai and the Twitter accounts of Mark Zuckerberg, his sister Randi Zuckerberg, Spotify founder Daniel Ek, Amazon CTO Werner Vogels, and actor Channing Tatum. White hat hackers claim that they aim to expose security vulnerabilities to help companies, but their hacks are often vulgar or controversial in some way. Some of them are accompanied by helpful offers to “secure” a company’s database for money.
Does this sound helpful? Your clients and customers probably don’t think so, and your bottom line feels the effects of unauthorized access immediately. Hacking costs companies in the U.S. hundreds of millions of dollars annually but even more than that in the long term. Loss of customer information and decreased customer confidence can continue to affect your company long after a security breach is detected and repaired.
For small businesses, the hacking threat is even more serious. Fully 60% of small businesses may fail partly due to security breaches.
Regardless of your company’s size, cyber security training for managers is not optional.
How to develop better cyber security training for managers and executives
Developing better cyber security training for executives and managers goes beyond setting down password requirements and looking at common phishing scams (although that might be included, too).
Mark Zuckerberg’s simple password notwithstanding, your executives probably already have a basic level of knowledge about the importance of cyber security. Executive level cyber security training for managers goes beyond that to look at system-wide security and puts protocols in place to handle attacks.
Using the Marriott Hotels hack as a model, let’s look at what cyber security hands-on training might look like. In 2018, Marriott revealed that hackers had been tapping into their Starwood Hotel frequent traveler database since 2014. Although social security numbers were not accessed, as many as 500 million people were affected by hackers who accessed their email addresses, passport numbers, payment information, and travel preferences.
Reporting at all levels
The first thing Marriott did right was to have a system in place for reporting the breach.
As an international chain of hotels, Marriott is governed by the General Data Protection Regulation (GDPR), which requires fast and transparent reactions. This means that executives and cybersecurity professionals were required to report the breach as soon as it was realized. In your own company, it’s imperative that all employees (including the C-suite) know how to report suspicious activity.
It’s impossible to investigate what you don’t know exists (or what isn’t reported properly). Cyber security hands-on training can include drills and simulations that have executives walk through the steps of reporting a breach.
Notifying your customers
The next aspect of your cyber security training for managers program might include what comes after the breach is reported. Marriott quickly began investigating the reported breach and set up a call center for customers, even over the Thanksgiving holidays, to answer questions and address concerns.
This occurred a week after the breach was found. Do your managers and C-suite know how to notify customers and what steps to take to fortify cyber security after the breach is discovered and being repaired?
Make this a crucial part of the training that restores client confidence and protects their relationship with the company going forward. If your company does not have a formal plan in place, part of management security training might be developing that plan. This could include how customers or clients will be notified and time frames for that communication. Experts in developing these responses can be a great resource in this step of training.
Elements of a manager cyber security program
The last adjustment Marriott made was to increase the level of data protection offered to their clients.
For some managers and executives, this is a core part of the training. At its most basic, cyber security training for managers focuses on how to protect company and client information, but this extends to executives as well.
A quality cyber security training for managers program overhaul will include:
- Training needs analysis to see what level of training is necessary. This will depend on the size of the company, the current skills of your leadership, the sensitivity of the data, the industry, and the age of the company.
- Training that is ongoing, personalized for an executive’s prior knowledge, and geared towards their level of interest and time available.
- Education on systems that are in place for reporting breaches, contacting customers, and preventing future attacks.
- An assessment of potential vulnerabilities, both at the personal level of the executive and at the broader, company-wide level.
Because of their high profile, upper-level executives are vulnerable to attack. A solid cyber security training for executives will help them better understand potential threats to the company to protect clients and the company's bottom line.
At EdgePoint Learning, we offer a customized learning experience that breaks down location barriers and speeds up the professional development process. Our experts can help you develop cyber security training for managers that is just-in-time and focused on your unique needs.