Cultivate Buy-In For Training To Thwart Hacking Threats

Here’s a four-step plan to secure funding for a massive, sturdy cybersafety net you can launch on Monday and have up and running by Friday.

Year after year of expensive outlays aimed at foiling hackers so far have yielded meager progress, while a cost-effective alternative stares us in the face: overcoming human error.

Thanks to a new generation of cybersecurity courseware that accommodates the full range of technical aptitudes—from chief information officer to your most far-flung sales representative—the on-the-job training and education community has a rare opportunity to make a huge, positive contribution to the bottom line with a single stroke.

Here’s a four-step plan to secure funding for a massive, sturdy cybersafety net you can launch on Monday and have up and running by Friday.

1. Build your case on two main whys: mobile’s reach and phishing’s rise. By next year, according to Target Marketing magazine, the 20 billionth mobile phone will be sold. The world operates through and in the “cloud.” With so many potential victims and entryways at criminals’ fingertips, it’s no surprise they favor the easiest strategy to plunder our bank accounts, medical histories, trade secrets, or whatever else they want.

Phishing with a clever false identity as bait fits the bill perfectly. All it takes for disaster to strike is a harried co-worker who clicks open a fake birthday e-card or what appears to be a timely, personalized alert from a trusted source. Still, human nature clings to comforting assumptions—that database breaches occur solely at an esoteric and sophisticated level and, therefore, aren’t an immediate concern.

Counter “it won’t happen here” thinking with a dramatic case history taken from the latest hair-raising headlines. If possible, zero in on a competitor or a company with a similar profile. Your audience won’t need much prodding to draw a vivid picture of shrinking market share, a plummeting stock price, widespread layoffs, lawsuits, and countless other misfortunes.

Next, offer a concise view of cybercrimes’ rampage through our economy. Quote industry reporters and experts, especially those who take on the task of quantifying a hack’s long-term damage.

2. Create a lesson plan anyone can follow. Phishing’s best disguises tap our deepest longings, survival instincts, and most ingrained habits. That last word—habits—is precisely the means by which you’ll turn the tables on the next Web-borne impostor who sneaks up on your enterprise. A habit is no different from a skill; both can be taught, strengthened, and measured with innovative, thoughtful curricula and expert, accomplished instruction.

Promote the fundamentals of your plan by drawing on this concept and linking it directly to the cybersecurity awareness courseware you research, test, and match to each student category within your organization.

Describe how best practices for a mobile, connected workforce rest on greater sensitivity to suspicious e-mails, more robust passwords, and better watchfulness over the dangerous intersection between technology and the con artist’s tool kit.

Emphasize that any employee who logs on to the Internet (e.g., everyone) plays a crucial role in guarding your firewall, once empowered by the right learning experience.

At the same time, remember to steer clear of “the weeds.” If you see too much detail about the minute-by-minute transformation to a smarter cybercitizen in your material, remove it.

3. Accentuate the positive of big, big savings. Finish off your fundamentals with one of your best selling points: your plan’s affordability when compared to the heavy spending new hardware and software usually require. Underscore the relatively fast schedule you envision for completing the new program to reinforce this powerful benefit.

4. Recruit your cheerleaders before the game begins. If anyone appreciates the value of good teamwork, it’s a Training professional. Stick with this winning principle by first reaching out to other groups or departments to uncover and articulate each one’s specific vulnerabilities to a hypothetical cyberattack.

Once you’ve gathered relevant feedback and woven it into your content, have a spokesperson from each participating division join you for the Q&A. Even if no one asks the team you’ve assembled any questions, its presence speaks louder than words the encouraging news: You already have buy-in.

Bill Rosenthal is CEO of Logical Operations, a developer and publisher of on-the-job training courseware specializing in productivity, technology, and sales and marketing. For more information, visit