Data Classification is Becoming Increasingly Important in Cyber Training
Many companies utilize e-learning to train employees in cybersecurity. What (new) topics are being addressed? And what are the pros and cons of online training? Computable asked Cédric Herregodts, director of Flowsparks, a provider of software for creating online cybersecurity training.
According to Herregodts, data classification is a highly sought-after skill in online cybersecurity training. He explains: “It is increasingly important for employees to learn how to handle data and acquire basic knowledge of data classification. Due to digitalization, organizations have access to more data. This brings opportunities but also risks.” Understanding the risks associated with data, knowing what data can and cannot be shared, determining the necessary level of protection, and whether information is public, confidential, or even highly classified is crucial, especially as stricter regulations regarding data sharing are introduced.
The second competency increasingly covered in training is “secure behavior.” The Flowsparks CEO explains: “Knowledge related to prevention is evolving. Previously, the focus was on setting strong passwords, but now concepts like single sign-on (SSO) and multi-factor authentication (MFA) are essential.” He emphasizes the importance of employees understanding the significance and functioning of these systems and knowing how to use them effectively. Herregodts advises using real-world examples in training to demonstrate that human error is often the cause of incidents.
Social Engineering
Another frequently addressed topic in online training is social engineering. “Cybercriminals use subtle manipulation to infiltrate employees’ personal lives. By building trust, they cunningly extract sensitive information, such as passwords and corporate data,” he explains. Trainings increasingly include methods for recognizing these tactics and teaching employees to stay alert to suspicious contacts. Herregodts notes: “While traditional security measures often focus on technical vulnerabilities, social engineering targets the human factor. Making employees aware of these risks and training them to identify misleading approaches is a crucial step to prevent sensitive business information from falling into the wrong hands.”
Reporting Incidents
Herregodts also emphasizes the importance of having a clear process for reporting data breaches. “If an organization falls victim, employees need to know how to respond and understand GDPR obligations. This also involves practical matters, such as disconnecting a compromised computer from the network and delivering it to the IT department.”
E-Learning vs. Traditional Training
Herregodts highlights that e-learning allows organizations to respond faster to incidents and reach employees more quickly. “The organization and landscape change daily; traditional training cannot keep up. If employees lack the necessary knowledge, your organization becomes vulnerable. An e-learning program can be set up ad hoc, enhancing your team’s resilience.”
He also points out that employees are increasingly expected to have technical knowledge, which varies by role. “The data employees from different departments encounter varies, making generic examples less effective. For instance, helpdesk staff are often more exposed to social engineering than others.”
Cultural differences within international companies also play a role. “E-learning allows employees to complete training at their own pace and in their language, improving both understanding and effectiveness.” Herregodts believes e-learning can increase employee engagement by offering realistic scenarios where they make decisions in cases relevant to their organization. “This interactive approach makes the learning experience more relatable, helping employees retain essential information better and apply it in real-life situations.”
Interaction with the IT Department
Herregodts lists several practical advantages: employees can complete e-learning at a time and place that suits them, training programs can be automatically translated into employees’ native languages, and organizations can track who has completed the training and send automated reminders, reducing administrative burdens.
However, he acknowledges a downside: the potential lack of direct interaction between employees and the IT or security department in e-learning settings.
Flowsparks offers software for building, translating, and distributing e-learning courses, which can also be customized in collaboration with clients. The substantive knowledge comes from the clients themselves. Companies such as truck manufacturer DAF, pharmacy chain Mediq, and telecom giant KPN use the software for their training programs.
Source: Computable
