Cybersecurity awareness programs aren't one size fits all

Have you ever purchased a canned cybersecurity awareness program?

Have you ever found a cybersecurity awareness program that someone else built and rolled it out in your business?

Did a long-gone employee set up your cybersecurity awareness program years ago, and it's been running on autopilot ever since?

These situations seem like they might work, right? Having any cybersecurity awareness program is better than no cybersecurity awareness program, right? Well, I'm not so sure about that because cybersecurity awareness programs aren't one size fits all. They need to be built with purpose, which means they'll be unique.

Is every program as unique as your thumbprint? Perhaps not, because some fundamental things happen in any business. But many extraordinary things are going on in your business that you need to address. The more you get to know your business and its operations, the more unique your program will be, and that's a good thing!

With all that being said, I want to share five areas you should explore when building your program with purpose.


  1. What are your fundamental business processes?
    1. Example: Payroll
  2. What makes your business unique? What does your company do that not every business does?
    1. Example: A sales team that travels internationally constantly
  3. What threats is your business facing?
    1. Example: Competitors trying to steal your secret sauce
  4. What risks is your business facing?
    1. Example: Low employee morale
  5. What's your appetite for risk?
    1. Low risk tolerance can easily be translated into leadership support when you sell the benefits

To learn more about building a cybersecurity awareness program with purpose register for my on-demand video training, Phishing, carrots, and sticks: Building a security awareness program with a purpose.


Popular posts from this blog

Is that love in the air or catfish?

Cybersecurity Careers

Here’s to cheating, stealing, fighting, and drinking