Discover how to deliver impactful cyber security training on a limited budget by focusing on critical topics, using cost-effective eLearning, and maximising free resources and expert guidance.
Limited budget doesn’t mean limited information security awareness.
The Project Management Triangle states that you can only achieve two of the three basic project axes – quality, budget, and schedule. For example, a low-quality project can be completed quickly and within budget.
Similarly, sacrificing (increasing) budget means you can complete on time and to the required quality.
But what if you are charged with project responsibility and only given two axes - quality and schedule to work with? What if you have little or no budget?
In an ideal information security world, all organisations would spend significant time and budget doing baseline research, developing a strategy, and deploying a thorough and bespoke awareness training programme, based on learning, communication, and engagement. Now, of course, the reality is that not all organisations can afford this. Money is not infinite, nor even plentiful, for some data-sensitive organisations. In this case, how do you best utilise a small budget for information security awareness?
Let’s look at this through the prism of how decision makers, who perhaps work for a charity or small organisation and/or have minimal buying power, empower themselves to deliver a robust information security awareness programme on a shoestring.
With the best will in the world, you are not going to be able to do everything. So, first, assess the state of your information security land. Are you a national operation with a central office and local branches staffed by low-paid employees and/or volunteers? Or regional with a similar, but smaller set-up? Or local with few, if any, branches? How much data does your organisation deal with and what type — commercial, client, sensitive (as defined by GDPR)?
Stick to the basics to help keep the cost down. Provide information security awareness training only in areas that have the most relevance to your operation. For example, if you are a charity with many employees located in high street shops, you may want to concentrate on:
If you are a B2B operation working with prospect/client commercial data, maybe add areas such as phishing and using email and the internet securely to the list above.
You are not going to be able to do everything. Assess the lie of your information security land
In both examples, subject areas such as working away from the office and information security for IT developers are probably not relevant and so, while nice to have, are not priorities.
While there may not be such a thing as a free lunch, low-cost online information security awareness training does exist. This channel is surprisingly cost-effective and greatly and demonstrably improves the knowledge of those who take the courses. As well as the accepted benefit of people being able to learn at a convenient time and their own pace, another major plus point is that with modular online solutions, you can choose training for only the most critical areas of your business (following your ‘take only what you need’ strategy).
When information security concerns move governments, police, and other authorities to provide free guidance, advice, material,s and training, you know it’s serious. Taking advantage of this official form of help is a no-brainer when putting together your low-to-no-cost information security awareness solution.
To complement the training you provide, there are free materials available to reinforce the learning. These include posters, infographics, screensavers, videos, and more. Googling ‘free information security awareness training materials’ will show where to find useful material FOC. For example, this YouTube video powerfully shows the need to maintain your social privacy settings: How private is your personal information?
When it comes to delivering an impactful information security awareness programme on a shoestring, there are three principal areas to consider:
If you would like more information about how The Security Company can help your organisation to enable employee behaviour change to improve your security culture or how we can run behavioural research to pinpoint gaps in your security culture, contact us here.