Skip to main content
  • Cybersecurity

CIRA Cybersecurity Awareness Training best practices

6 tips to get the most out of your cybersecurity awareness training program

Congratulations on choosing the CIRA Cybersecurity Awareness Training! Your organization has taken a significant step on the path towards stopping criminals and reducing cyber risk in the workplace.

You should now have completed your onboarding and begun implementing training for your employees. As you come to the end of your initial default training workflow, there is more you can do to improve your organization’s training experience and ability to fend off cyber threats.

Follow this guide to learn the 6 best practices for deploying training. In doing so, you will ensure that your users are better trained and equipped to act as a last line of defense against cyber criminals.

1. Set a baseline with the default workflow

Not only is our initial default training workflow easy to set up, is also a great introduction to the platform for your employees and the best way to assess an overall baseline of your organization’s current security posture.

This workflow was developed by cybersecurity experts and is the best starting point for most organizations. Upon completion, you will have a better picture of your organization’s specific risk profile which you can monitor in the “Risk Advisor” dashboard. This dashboard will help you understand what cyber threats your organization is up against so you can formulate a more customized plan to mitigate them. As an admin you will have the ability to compare employees and teams over time which will give you training standards and baselines. Once the initial workflow is completed more can be done to strengthen your organization’s human cybersecurity defense, but we highly recommend finishing it before moving on to other workflows.

2. Check the marketplace for new courses, phishing templates, and workflows

One of the major advantages of CIRA Cybersecurity Awareness Training is that we are constantly adding new and relevant courses and phishing templates at no additional cost.

By importing individual courses and phishing emails, you can create tailored training to build and reinforce your organization’s cybersecurity culture. We also offer pre-built workflows which consist of hand-picked courses and phishing emails to complement the training. Our extensive library is easy to navigate – they can be sorted, searched, and filtered allowing you to find exactly what you need.

Looking for an intermediate course on passwords? We have that. How about an advanced phishing template targeting Office 365 users? also in the library, ready to be assigned. Make sure you regularly browse the marketplace to find material which will benefit your organization’s unique needs.

To access the marketplace, log into the CIRA Cybersecurity Awareness Training platform as an admin and click on the basket icon on the top-right of the screen.

Once inside the marketplace, search or use filters to find the courses, phishing templates, or workflows that best suit your needs.

For more information on workflows, navigate to the Platform Documentation page and enter “Marketplace” in the search bar.

To access the platform documentation page, start by logging into the CIRA Cybersecurity Awareness Training platform as an admin.

Click on the arrow next to your name and click on “Help and Feedback” and then “Platform Documentation.

A new window will open on the platform documentation page. Use the search bar at the top to navigate to the Platform Documentation section that you want to learn more about.

3. Assign our pre-curated workflows

Workflows combinations of courses, phishing tests, and surveys which are triggered based on conditions. As an example, a simple workflow might include a targeted phishing simulation 3 days after completing a course on spear phishing.

and security teams under a time crunch should take advantage of the pre-built workflows which are ready to assign to your teams in an instant. We are constantly adding to our workflows to ensure that relevant, easy-to-deploy training is always at your fingertips.

Our marketplace features workflows covering a variety of topics including zoom phishing, social media phishing, work from home phishing, holiday phishing and more. It also has role-based workflows for executives, faculty, and finance departments and others. Remember, workflows can be assigned to individuals, departments, or the entire organization depending on your needs.

Some of our most popular workflows are:

  • Phish Microlearning: Short, 5-minute modules which increase engagement and ensure continuous learning.
  • Training for Families: Training designed for employees to apply cybersecurity lessons learned at work back at home.
  • Work From Home Phish & Training: Is your team remote/hybrid? This workflow helps ensure they stay safe in these new work environments.

To To learn how to assign workflows, search “how to assign a workflow” from the Platform Documentation page.

4. Create custom workflows

For organizations with more specific needs or IT teams looking to be more hands-on with training, our platform allows users to create custom workflows. Before creating a workflow, make sure to consider the following:

  • What cybersecurity gap are you looking to address?
  • Who is the training for?
  • What difficulty will the training be?
  • What outcomes are you looking for?

Once you have for each of these questions, the next step is to navigate to the marketplace (see tip #2) to find the most relevant courses and phishing templates for your objectives.

Using custom workflows, you can schedule a whole year’s training at once, like roadmap planning for training!

Here are a few more tips for creating and implementing workflows:

  • Avoid assigning more than one course per month. If a user is being assigned too many courses, they are likely to become frustrated and less engaged with the training. One course a month is the sweet spot for most users.
  • Ensure your workflow includes monthly phishing simulations. Courses are a vital part of the cybersecurity solution, but hands-on simulations are needed to test the effectiveness of the training.
  • Use the workflow report. Track your users as they progress through the workflows with the workflow report. Send reminders to users who have outstanding training to ensure the best results.

To learn how to create a custom workflow, search “workflows” from the Platform Documentation page.

5. Monitor progress and celebrate your team’s successes

For best results for your cybersecurity awareness training program, your organization needs to set clear goals and monitor your team’s progress towards them. CIRA Cybersecurity Awareness Training has over twenty pre-built reports that you can access to monitor your progress in all areas related to training including:

  • Course progress report
  • Division risk report
  • Engagement report
  • Exposures report
  • Phishing simulation report

Our reports help you easily identify problem areas in your organization and give you the tools to address them. They also allow you to track the positive impact that training has had on your team and their commitment to cybersecurity.

To learn more about reports, navigate to the Platform Documentation page and search “Default Reports.”

Recognize your staff’s achievements

One of the easiest and most impactful ways to keep users engaged with their training is to celebrate their successes and milestones. While users are intrinsically motivated to track their risk scores and take ownership of their cybersecurity awareness, extrinsic motivation also goes a long way in creating a positive cybersecurity culture.

As you track your team’s progress with our reporting tool, take the time to congratulate them on their successes. Offer small rewards for course completion/risk score reduction and encourage your employees to self-enroll in supplementary training. Whether a quick personalized congratulatory email, a mention in internal newsletters, or a pizza lunch, your team will be motivated by the recognition and more likely to stay engaged. These simple steps can make to how training is received by your team.

6. Be on the lookout for our release notes

The CIRA Cybersecurity Awareness Training Platform is constantly adding new features. Every month we send out an email newsletter outlining these changes and how they improve your experience on the platform. Changes include new courses and phishing templates, platform enhancements, reporting updates, user management changes, and more.

Make sure you read the newsletters and take note of any new features which would benefit your organization. Just as cyberthreats are evolving, so too is our platform to mitigate them. Our newsletter also includes useful tips to get the most out of your Cybersecurity Awareness Training, and general security tips for home as well as the workplace. Stay tuned and get the most out of CIRA Cybersecurity Awareness Training.

Related

Organizations across Canada </br>are unprepared for AI-driven cyber threats

Organizations across Canada
are unprepared for AI-driven cyber threats

Read
Blog
Canadian organizations are unprepared for AI-driven cyber threats, new CIRA report finds

Canadian organizations are unprepared for AI-driven cyber threats, new CIRA report finds

Read
Press Release
The cybersecurity risks associated with new TLDs —is your organization ready?

The cybersecurity risks associated with new TLDs —is your organization ready?

Read
Blog
The crucial role of reporting suspicious emails to your security teams

The crucial role of reporting suspicious emails to your security teams

Read
Blog
It’s time for a Team Canada approach to cybersecurity

It’s time for a Team Canada approach to cybersecurity

Read
Blog
Bill C-26 is a prime opportunity to improve Canada’s cybersecurity posture

Bill C-26 is a prime opportunity to improve Canada’s cybersecurity posture

Read
Blog
Stay tuned

See more news

Read
{( translate(state.status) )}