Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

  • arcosenautic@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 months ago

    Not strictly career related, but how can I make regular people aware of the importance of cyber security in day to day work? My nontechnical colleagues really brush off security as an optional measure and it’s really pissing me and my coworkers off.

    • edric@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      Does your org have a security awareness program? It would easier if you can mandate some training or at least some brownbag meetings where you can present some basic security pointers.

      • arcosenautic@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        I work at an educational institution that doesn’t really prioritize security, or anything IT related for that matter. We are a very small team (3 people) and we can’t really enforce any institution-wide training. We send regular PSA emails and that’s about it.

        Of course, we have control over password policies and external access through workspace management tools, but we don’t have control over a lot of higher-up decisions. I wish I could enforce even stricter password policies but it’s just not possible for the higherups.

        I was thinking of raising funding for some sort of cybersecurity day event at the institution, but when it comes to funding, you know how generous educational institutions are.

        • edric@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          7 months ago

          Ah, yeah I feel you. That’s indeed an uphill climb especially if the higher ups themselves do not support you. I think a cybersecurity event is a good way to do it. If you end up getting smaller funding, you can also do short brownbag meetings with free snacks and/or giveaways. Free stuff is always an incentive for people to attend. Keeping events short (30 minutes or less) also helps. Then make your presentations interactive, instead of just lecturing do’s and dont’s to employees. Do scenario based discussions and let employees come up with ideas/solutions. That reinforces the knowledge if they feel like they came up with the answers and you validate them.