Meeting invitation for training overview
Protecting against the growing number of online threats takes more than technology.
While *insert company name continues to invest in new security technologies and improvements to critical tools, everyone in our community can play a critical role in preventing cybersecurity incidents.
Organizations across the world continue to face a growing number of threats with malicious individuals, organized crime and even nation-states targeting individuals for financial gain, intellectual property theft, hacktivism or just to spread fear, anxiety and chaos.
With that in mind, *insert company name is adopting a new cybersecurity awareness tool called CIRA Cybersecurity Awareness Training. This is a mandatory program for all employees. Please join us on *insert date to learn more about the program, including a brief overview of what’s required, and a short demo of the platform we’ll be using.
This is a friendly reminder that tomorrow *insert presenter(s) will be sharing important information about our upcoming CIRA Cybersecurity Awareness Training launch. Everyone at *insert company name has a role to play in reducing cyber risk. Please join us to learn more!
Launch day: 30-minute meeting on introduction to training
Key messages and ideas for presentation:
- Share what baseline training they are expected to complete. The default baseline training takes about 30 minutes to complete and comprises of a survey, four courses, and a series of phishing simulations.
- Explain how the risk score works. Each employee will get a personal risk score that is calculated from four main categories: exposures, incidents, awareness and rewards. The goal is to lower your risk score as much as possible.
- Exposures: If your email address has ever been involved in a data breach your score will be impacted.
- Incidents: Clicking on a phishing simulation or being involved in any security bad practices will impact your score.
- Awareness: Completing all your security training will reflect positively in your score. You can also complete supplementary courses to improve your risk score.
- Rewards: You will receive rewards that will positively impact your score by reporting any phishes (real or simulated).
- Share when the training deadline is.
- If you are providing incentives for teams or individuals to complete training, share what they are.
- Do a live screen-share to demo the platform, showing the personal dashboard, courses, the survey and other relevant areas.
- Show what the set-up email will look like, so they know what to expect.
- Explain phishing simulations:
- Show what the phish forward button looks like (or share what the phish forward email address is).
- Show what will happen if they successfully report a simulated phish (their score improves).
- Show what will happen if they click on a simulated phish (landing page showing the cues they missed so they know for next time).
- End on a note of encouragement – “Let’s see how many phishing emails we can collectively catch!” Share that you’ll be giving updates regularly with tips and kudos to those who have completed training and catch some “phish.”
Recap email, send slide deck/recording
Thanks to everyone who attended the CIRA Cybersecurity Awareness Training launch meeting today. For those of you that missed it, the deck is available here: *insert link/location to deck or recording.
You will be receiving an email from *insert the “from” address you’ve configured for System Emails shortly. It is not a phishing simulation! Please follow the instructions to set up your account on the platform. Once you’re in, you’re welcome to start training! Once you’re done the survey and four courses, you will begin receiving simulated phishing emails – remember, if you see any suspicious emails in your inbox, please *select the new “Report a Phish” button/forward it to *insert phish forward email.
Send welcome email to users
- Navigate to “Configuration” then “System Configuration”. Select the “Emails” tab and ensure system emails are enabled.
- Navigate to “Division Management”, then “Division Users”, click on the “Actions” button and “Resend Welcome Email”, where you will be able to select users, divisions or the entire organization to receive the welcome email.
Share training completion progress, kudos and tips
Ideas for sharing progress updates:
- Give kudos to the first individuals or departments that complete training. You are able to view this in the “Reports” section by selecting “Course Summary Report”.
- Share regular updates comparing each department’s % of training completion
- Share updates on phishing simulation data, such as how many phishing simulations total were caught by the organization.
- Remind users of the tips for spotting a phishing email.
- Talk to three people who have caught phishing emails in different teams – ask and share how did they know it was phishing? What tips do they have to pass on?
- Share which employees or departments have the best (lowest) risk score
Final reminder of deadline
This is a reminder that the deadline is tomorrow at *insert time to complete the initial training for CIRA Cybersecurity Awareness Training. Here is a link to login: *insert link
The courses and survey take only about 30 minutes to complete. Ensuring everyone has baseline cybersecurity awareness knowledge lowers the cyber risk for our organization.