ABSTRACT
To help employees recognize and change their computing security behavior, organizations need to invest in cybersecurity training and awareness programs to encourage their employees’ active engagement in complying with their security policies. However, many organizations’ cybersecurity training and awareness programs fail to achieve their goals as employees feel bored with such training programs and lack enthusiasm to participate in them. Highlighting the criticality of the success of cybersecurity training and awareness programs in organizations, this paper identifies best practices and provides actionable insights (relating cyber awareness to employees’ personal life, reinforcing security procedures and guidelines, instilling a “relaxed alert” state of employees, and minimizing security fatigue for employees) that will help enterprises develop and implement economical, effective, and engaging cybersecurity training and awareness programs.
Additional information
Notes on contributors
Wu He
Wu He is an Associate Professor of Information Technology at Old Dominion University, Norfolk, VA, USA. His research interests include Data Mining, Information Security & Privacy, Social Media, Knowledge Management and Computing Education. His research has been funded by NSF, NSA, NASA and other organizations. He has published over 80 journal articles in such outlets as Information & Management, Journal of the Association for Information Science and Technology, International Journal of Information Management, and IEEE Transactions on Industry Informatics.
Zuopeng (Justin) Zhang
Zuopeng (Justin) Zhang is a faculty member in the Coggin College of Business at University of North Florida. He was previously an Associate Professor of Management, Information Systems, and Analytics at State University of New York at Plattsburgh. He received his Ph.D. in Business Administration with a concentration on Management Science and Information Systems from Pennsylvania State University, University Park. His research interests include economics of information systems, knowledge management, electronic business, business process management, information security, and social networking. He is the editor-in-chief of the Journal of Global Information Management, an ABET program evaluator, and an IEEE senior member.