this post was submitted on 06 May 2024
11 points (100.0% liked)
cybersecurity
3194 readers
9 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I work at an educational institution that doesn't really prioritize security, or anything IT related for that matter. We are a very small team (3 people) and we can't really enforce any institution-wide training. We send regular PSA emails and that's about it.
Of course, we have control over password policies and external access through workspace management tools, but we don't have control over a lot of higher-up decisions. I wish I could enforce even stricter password policies but it's just not possible for the higherups.
I was thinking of raising funding for some sort of cybersecurity day event at the institution, but when it comes to funding, you know how generous educational institutions are.
Ah, yeah I feel you. That's indeed an uphill climb especially if the higher ups themselves do not support you. I think a cybersecurity event is a good way to do it. If you end up getting smaller funding, you can also do short brownbag meetings with free snacks and/or giveaways. Free stuff is always an incentive for people to attend. Keeping events short (30 minutes or less) also helps. Then make your presentations interactive, instead of just lecturing do's and dont's to employees. Do scenario based discussions and let employees come up with ideas/solutions. That reinforces the knowledge if they feel like they came up with the answers and you validate them.