Why Employee Education and Awareness Is Critical for Organizations to Mitigate Shadow IT Risks
Any CISO would trade most of the security budget for an organization where every employee is vigilant, well trained to spot suspicious emails and websites, proactive in using security best practices, and careful about using and sharing sensitive data. Tools and products are only as effective as the people running and using them every day. Classroom awareness training and even “fun” and “interactive” online courses lack the three essentials for any learning to take place: it needs to be relevant, tailor-made to the individual, and come at the right time.
According to a recent study, employees tend to adopt behaviors from their own applications and from their own research much more effectively than via corporate training. Keep in mind, this is about adapting behavior, not memorizing policies and training for an exam.
Scirge shows up when employees are already focused.
Because of the powerful trend of migrating everything to the cloud, web applications for data management, CRM, business intelligence, and collaboration are the single highest-value real estate for anyone’s attention during work. Scirge sits right there, monitoring corporate credential usage and collecting application metadata for cloud visibility, while providing in-browser awareness messages exactly when they are relevant.
If an employee is using a weak password, Scirge will let them know about it. If an application is not supported, Scirge will provide a list of supported ones. If an email address belongs to someone else, Scirge will prompt the user to use their own for creating accounts. If multi-factor authentication is available, employees will be prompted to use it.
All of these actions and more can be triggered based on employee action, right at the time of relevance, and can be repeated and enriched with further metadata to follow up via emails, SMS or other channels.
We will let each employee know which of their actions are risky or against policy, providing the details of their behavior and the exact sources of risk.
Scirge allows you to send an email or other type of message that includes all of the variables of online app usage, including the account information and password hygiene issues. This makes your messaging relevant to everyone. Instead of carpet-bombing your organization with awareness warnings, Scirge only sends a message to the relevant person, and when it is relevant.
And one more thing. The most difficult part of cybersecurity education is measuring the results. No one likes to take a test on things that they feel are not relevant. Remember that most people do not feel responsible for their organization's security.
Scirge correlates historical data such as the number of weak or reused passwords, so we can assess how effective the security training is, and how well your employees are responding to the Scirge messaging. If employees do well, it should give some peace of mind to CISOs, especially when their security budgets get slashed.