In virtually any organization cyber-security begins on the front lines, with the people who actually have their fingers on the keyboard or their hands wrapped around the mobile device. This is no less true in senior housing, where any number of individuals across the organization may have access to data or systems that need to be safeguarded.
While shoring up the technology itself is a first priority, senior housing leaders also must set their sights on the need to train staff. Once policies have been established for the use of technology assets, those policies must be communicated, and typically more than once, to those charged with putting these systems to work every day.
How can you best train your senior living staff on cyber-security? Here are five basics.
1. Identify roles
Cyber-security is in many ways a role based endeavor. The security of data rests in large measure on the purpose to which it is being used, and therefore any effort to safeguard that data begins with identifying the user.
Before setting out to train an employee on the usage protocols of any system, it is important to first identify who will have access to that system. This eliminates the possibility of redundant training, and more importantly this process of identification helps to determine exactly what kinds of skills and awareness any given user will need, based on their expected interactions with the system.
2. Make time
To train on cyber-security effectively, staff members need to have some breathing space. In senior housing in particular, where people may find themselves wearing many hats and fulfilling multiple roles, the spare couple of hours that it takes to train can sometimes be hard to come by.
In making cyber training a priority, company executives need to factor in this critical issue. That might mean making backup staff available to cover shifts if necessary, or it may mean budgeting for overtime.
Cyber topics have a tendency to sprawl. Threat vectors are all over the boards, with bad actors bringing forth a virtually endless array of potential attacks. Defenses likewise can be extremely broad ranging, including policy and procedure and specifics of technological implementations.
It is a lot to bite off, and it is imperative that management comes to the table well prepared. Any cyber training needs to be honed as finely as possible to address a specific audience, a specific technology, a specific strategy. Thorough preparation in advance will ensure that everyone gets the most out of any given training.
4. Follow up
Cyber training is very much a matter of practice. One can get the basics in a single PowerPoint, but putting those ideas into play is an ongoing enterprise. Information that has been shared may not stick after just one training. Training should include follow-up sessions as needed to reiterate information already shared or to fill in the gaps for those who have encountered unexpected situations.
5. Get help
While cyber training may fall under the general heading of information technology, not every IT shop is equipped to handle the educational requirements of today’s complex cyber environment. For those who have the deep technical expertise, but who may lack a background in training and education, an outside consultant can be an important ally. These professionals may possess specific training skills, and may also have sufficient distance from the organization’s enterprise to be able to spot and articulate specific cyber concerns that need to be conveyed to the staff.