Is Cybersecurity the Next Compliance?

What do we learn and what can we teach from the cyber attacks happening all around us? Or do we just sit back and say, “there’s another one”? If among us we include the trainers and training designers, evangelists, and business leaders of this world, is it not our role to try to educate our staff (and potentially our future staff) in how to be more web savvy?

Every single day we see something in the papers or on the news about yet another attack. “The head of security at xxx has been hacked,” “GCHQ backdoor found,” “After Snowden, how vulnerable is…” We also see 300 thousand, 40 million, or 60 million credit cards or personal accounts or bank details hacked, stolen, accessed.

In the next breath the media publishes the top 20 most-used passwords in the world today. Top of the list is “123456”—seriously? Or how about “starwars”? Someone told me they could not remember their passwords, so they changed all their passwords to “incorrect.” When they typed any random set of letters or number into a password box, a pop up told them that their password was incorrect—ah, now they remembered it! Do you wonder we have some problems?

Thinking like a thief

To understand what we can learn and what to educate, we have to get inside the head of the cyber thief and understand a little of what they are doing. Sounds easy, but trying to explain what is really going on is an uphill struggle. Each time we get a handle on what is happening, the thieves do something different. I put together the following analogy to try to show the whole picture in the simplest terms. Once we have that picture we can move forwards.

Cast your mind back to the old Wild West where gun-slinging robbers, wearing leather chaps and a mask over their eyes, got off their horses and shot up the small town bank to steal the money. In those days there was a small room in the bank that held the cash. The thieves would walk in with guns blazing, fill a saddle bag with money, and ride off into the sunset with a posse on their tail. Come forward to today and the thief walks in and steals your data in broad daylight and has all the IT techies trying to work out where he went. Has anything changed?

So back to our story. To stop the gun-blazing attack, the banks realized they needed to build a vault for the money. These got more and more complicated as the decades went by with bigger locks, time locks, then bars at the windows, security devices, closed-circuit TV (CCTV), and now armed security personnel standing guard outside and inside when the bank is open.

The thieves got clever and stopped trying during the day with all this security. They started to work at night or weekends when the bank was closed, so they could not be seen. This is not too dissimilar to the cyber thief who comes in quietly and hides—not wanting to be found. To stop bank robbers attacking at night, bank owners put even stronger locks on the doors, followed by walls around the building (firewalls in the IT world). When thieves climbed over the walls or cut holes in them, owners made the walls taller and stronger. They added guards behind the walls 24/7 in the bank.

The walls however still don’t stop the occasional thieves. Over the Easter 2015 holiday, the biggest heist ever in UK history was attempted by a group of eight middle-aged and elderly men who cut through concrete walls and raided the most secure vault in London, only to be foiled by modern-day technology they did not understand: CCTV caught the leader parking his own white Mercedes convertible just around the corner, and the group called a cab for the getaway. They made a haul of jewels, cash, and other valuables worth millions of English pounds.

How does theft happen in the virtual world?

While a thief would be pretty obvious wearing a stripy black and white shirt carrying a bag labeled “Swag,” the thief embedded in software can’t breach the firewall or get past the antivirus without being recognized. The parallel in the online world to the guards in the bank is the antivirus tools looking for what they can recognize.

Now if the thief had worn the right color shirt or arrived in a delivery truck, with what appeared to be the right credentials, I bet the security guard would think he was a good guy and just let him in—once. After that, the guard would recognize the thief, so the thief would have to put on a different disguise each time he tried. This is what the modern day technology thief does: each time he arrives he looks different, has a different story, and has learned from the last time he got stopped. Each time the phishing email arrives, it is a little different, Nigerian princes have become free iPads and all sorts of tricks to get you to click—and there is a sucker born every minute of every day.

Our physical thief, having run out of different disguises looks for a different method and now, like the thieves in the story above, tries to tunnel in. Going under the defenses worked for a while too. However, by now the bank looked like Fort Knox and was pretty hard to penetrate. The cost of all this security had become so high that companies could really no longer afford it. So they buried their heads in the sand and just hoped it would not happen to them. In the IT world this is all too familiar.

Enter the scammers

Where are we now in our story? Are you getting a picture?

In the cyber world, we now have (figuratively speaking) pretty secure banks, deep strong vaults, and many security features. Guards all day and night, cameras, and everything else we possibly can have to keep them out. But the cyber criminal still manages to get in? How?

The latest techniques use the oldest, simplest methods. Fool the guard into opening the door for you. Hijack the delivery van. Break into the office of the company or contractor that maintains the air conditioning and see if you can find the access cards the workmen use.

There are other ways. If you saw a wooden horse approaching your local bank, a horse on wheels moving slowly and it looked like it had people inside it, you would know there is something not right. But we allow Trojan horses into our computers by accepting documents and PDF’s and USB sticks from people we do not know, and we open them without question.

“Not me,” I hear you thinking, but do you remember that last conference you attended? All those freebies? How many of them plugged into the USB port on your computer? We visit sites we know we probably should not, and click on links sent from our friends on social sites that supposedly contain a joke or sexy picture or some other lure. No different from that wooden horse outside the bank! And you are the accepting gatekeeper, duped to opening the door. Computing pioneer Rich Pasco has done a great job of compiling a list of scams: http://www.richpasco.org/virus/everytrick.html

Do you want to know how I would do it? Simple, really; you would win the competition at a conference and get a free iPad. I’ll even take your smiling picture as you are presented with it. Go back to your hotel and plug it into your laptop for me, will you? Some call me a little paranoid, but if you worked where I work, you would be too.

The big time thief uses more sophisticated techniques. They will find out, using social engineering, all about you, your company, where you have been, where you are planning to go. And then they will impersonate someone you know, mentioning things that you know that person knows, and they easily trick you into opening the door for them. They know you probably use the same password on Facebook, Twitter, and your bank, not to mention your office laptop.

The sad part is you probably won’t know you were duped, in fact you won’t even give it a second thought. (Have you done a stupid quiz recently on Facebook? Did you log in to get your results using your Facebook password? Oh, oh!) But what they have done is use you to gain access to your customers or clients. For example, recently a CFO was duped to transferring hundreds of thousands of dollars to a Chinese bank. This by an email seemingly from the CEO that said, “This is secret, don’t tell anyone, it’s highly sensitive information, but send a few hundred grand to an unknown account for me in China.” Without question the CFO did what he was told (I know it sounds farcical when you read it here, but this really happened). It was not until he got the next email that said, “great job, now can you do it again for a few million?” that he even thought to pick up the phone and ask the CEO, “Are you serious?” Reading this now in hindsight you would never have been duped like that, would you?

Don’t be the low-hanging fruit

Of course in the physical world the criminal looks for the easy win. That money or the gold bars or those high-value jewels are hard to attack in the vault. But when you move them, they are an easier target. Armored trucks delivering to Fort Knox are easier to attack than Fort Knox itself.

Here is where the fight back begins in our analogy. This is where the cyber companies are fighting what we call World War C (cyber). This is where you play a part in re-educating your staff as to what is good and what is bad.

There are many types of cybersecurity (actually there are very many, but few that are effective). Either you increase the defense and try to stop them getting in, or you accept they will probably get in, recognize them as they do so, and stop them taking anything out.

The first option is increasing defenses to stop them getting in; this is proving harder to achieve. Some cyber-security systems work by analyzing files to look at the signature of the file and comparing that against a database of known signatures. If you alter a file by just one byte you change the signature. But if your database of signatures is just a few minutes out of date, they are easy to beat.

Our armored truck delivering to Fort Knox handles money in cases that the operatives carry. They made the cases small on purpose so they carry less value, lowering the individual case loss in the event they are attacked. But now the operative has to make more journeys from truck to vault which increases the risk again.

The second option comes into play if you attack one of those cases. Try to open it without the right key and something explodes inside sending fluorescent ink (called SmartWater) all over the money and the thief, making the money zero value and marking the thief so he can be seen 100 yards away. He got in, he got the bag, but there is nothing he can use in it, and he is now easy to spot. This is accepting they will get in, but once they’re in we shut the door and make it impossible for them to take the data out. We fool them into a sense of security, so we can catch them literally red-handed. This type of security is a big enough deterrent to have lowered the attempts significantly. Why would they? They can steal it from you easily online.

A new alternative, and really a third option to this, is to use analytics. Here the cybersecurity companies watch everything in the world and understand from the data what the most likely next attack will be. We are ready for it when it happens. Big data analytics is not new, but is becoming one of the very powerful tools in the cybersecurity toolbox.

Our role is to start to build good training material to educate the end user not to use “starwars” as their password. Ensure they do not use it on Facebook, Twitter, bank and credit card accounts, and in your corporate network. They may store all their passwords in a file on their desktop called, you guessed it, “Passwords”! I know it sounds ridiculous, but it’s true.

Train your staff not to bring outside equipment into your network. “I never joined the network,” I heard one employee say. “I just plugged my phone into the USB port of my work laptop to charge it up while I was on the train.” So you have a BYOD policy at work? Are those mobile devices within your managed defense? Don’t have a managed defense? Time for a rethink.

We need to create a fun compliancy course called “Let’s be tech savvy”—something we all claim we are, but breach almost daily in one way or another as we have become blasé.

Use new catchphrases in your organization: “Think before you click” may be a good one.

We have to constantly drip feed new information to our staff to be vigilant, not to open documents, to check when the CEO sends you a PDF file with a new share certificate as a present. Not to plug in the USB stick with the Apple logo we found in the local coffee shop this morning, however tempting it may be. Not to click on the million-dollar giveaway, especially if your brother sent it to you. Don’t do the mindless quizzes on Facebook that require you to login. Understand that the picture in your email of the hunk with a six pack or girl almost naked is a red flag waving frantically to say STOP.

I suppose I have to ask, how did you read this article? If it was on a link in LinkedIn and was posted in my account, you’re probably OK. If you saw it in a magazine that you trust, such as Learning Solutions, don’t panic—it’s safe. But if someone sent you a link, or attached it as an email—“great article by…”—you may want to check who the sender really was.

[Editor’s Note: While I was editing this story, an email arrived with great news: “BFTSPLK JACQUELYN shared this with you. Catherine just sent you $2,223.00 with PayPal!” No, thanks, Bftsplk Jacquelyn, I didn’t even open the email.]

 

Reprinted from Learning Solutions Magazine

Filed Under: Articles Tagged With: , ,

The Cheapest Way to Fill the Cybersecurity Workforce Gap

For the last few years, a growing shortage of cybersecurity professionals has caused IT executives around the globe to become desperate for skilled IT workers in this field.

The 2014 Cisco Annual Security Report estimated the need for 500,000 to 1 million qualified security workers internationally, projecting this number to rise to 1.5 million by 2019.

Why?

Experts cite a few different reasons for this shortage, the most notable of those being a severe lack of experienced workers in a relatively “young” industry.

In the past, IT departments relied on contract workers to solve security issues, but only during a crisis. However, due to an influx of cyber-attacks made on myriad industries, companies are looking to invest in permanent security workers who will focus not only on the prevention of data hacking, but also on early detection and response.

But will employers be able to fill this workforce shortage?

It’s difficult to say. With an increase in demand comes an inflation of salaries for currently skilled cybersecurity professionals. So much so, that it’s becoming difficult for most companies to afford them. James Arlen of Leviathan Security Group tells ZDNet, “The reality of this is that in order to acquire new talent, companies are forced to go hunting and must be ready to put down the biggest pile of compensation.”

Training Is the Answer

So how do companies cope with this?

Arlen reveals that “while we need to ensure a trained and ready replacement workforce is prepared to supplement and succeed the current generation of security professionals, we should invest heavily in training those who already occupy the positions that protect our companies today.”

It seems like the cheaper option for businesses to provide training to existing IT employees, who already have the technical background and who are familiar with company practices. By increasing their skill sets and taking on more responsibility, IT employees have the opportunity to benefit from the increased wage demand for cybersecurity professionals.

In addition, this cross-training of IT workers seems to have worked before. According to CSO, a Canada-based information security company called Herjavec Group has been successful in converting existing technical employees into cybersecurity professionals. After acquiring a few IT services companies, Herjavec trained those new employees to become “expert cybersecurity advisers, consultants, incident responders, engineers, and security operations center staff.”

Therefore, by following Herjavec’s lead, companies have the chance to solve their cybersecurity issues through the investment of training.

As cybersecurity breaches continue to devastate businesses, it’s important to be prepared.

 

AUTHOR:  Meredith Quinn is a marketing copywriter and content developer for 360training.com, an online training provider of on-demand, multi-industry career training and certifications. Quinn composes weekly blogs that focus on the IT industry, with an emphasis on professional development. For more information, contact Meredith.Quinn@360training.com.

Reprinted from TRAINING magazine

 

Filed Under: Articles Tagged With: , ,

HR Heads to the Front Line as Cybercrime Combatants

In the war against cybercrime, human resource professionals are being asked to join their companies’ cyberdefense as “boots on the ground,” at the front lines. The reason: HR is home to valuable personal and corporate data, systems and processes that cybercriminals target day in, day out.

Whereas IT and other technology specialists work daily with the thought of protecting corporate networks, in today’s cyber risk-laden world, HR professionals, despite their limited technical expertise, must work to protect sensitive data and operate in ways that mitigate the potential for attacks by technologically proficient cybercriminals.

Take cloud-based HR systems. Because of minimal hardware costs, affordable subscription rates and scalability, these systems are utilized widely by small to middle market enterprises as well as by large corporations. Many of the core back-office HR functions, such as benefits management, time and attendance, have migrated quickly to the cloud after leaping from antiquated, paper-based spreadsheets to on-premises software.

In a recent worldwide survey of 1,100 senior IT security executives by Vormetric, 85 percent revealed they keep sensitive data in the cloud and 70 percent admitted they are very concerned about the security of the data in this environment.

This survey also found that 70 percent of respondents are concerned about security breaches and attacks at the cloud service provider, while 66 percent worry more about vulnerabilities from shared cloud infrastructure.

These fears are not unfounded. Left unchecked, cloud systems have become a potential gateway for cybercriminals to access such personally identifiable information as employee information, social security numbers, credit card numbers, bank account details, medical records, salaries and other financial data.

Social engineering schemes, with scammers posing as company executives via email (also known as “spoofing”), are moving from their original ploys of inducing a bank transfer under false pretenses to seeking to induce HR personnel to click on a deceptive link (opening ransomware) or to send sensitive payroll data, including W-2s. The seriousness of this was driven home earlier this year when IRS Commissioner John Koskinen warned company executives and HR professionals that criminals are focusing their schemes on company payroll and HR departments.

“If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees,” Koskinen said.

The Toll of Cyberattacks

So far this year, a record amount of personal information was stolen from W-2s and used to file fraudulent tax returns.

In May, ADP, the giant payroll processing company that services more than 640,000 clients, divulged a breach that exposed tax information of employees of some of its clients. The cyberthieves reportedly gained access to the tax data through an external W-2 online portal maintained by ADP.

The total W-2 social engineering and fraud impact to date, for the most recent year available (2014), is mind-boggling. According to the IRS, $3.1 billion was paid out under fraudulently filed W-2’s. The 2015 tax year is expected to see this number increase dramatically.

In other recent cases, cybercriminals are looking to target HR data or HR network access for ransom. Various types of ransomware — software used to encrypt files and lock computer screens — have been used to attack HR systems, with levels of success. Symantec reported that in early 2016, ransomware found new targets and moved beyond its focus on PCs to smartphones, Mac and Linux systems.

The Industry’s Response to Date

Despite the increased vulnerability of HR systems, many HR professionals still view themselves in the traditional role of workforce management, choosing to leave cyber risk management to other departments, notably IT.

According to a recent IBM security study released this year, 57 percent of chief human resources officers globally have rolled out employee training that addresses cybersecurity. However, the respondents’ positive percentages dropped noticeably when asked if they provided cybersecurity training that included measurable, results-based outputs, or if there was reinforcement throughout the year that provided more than a once a year cybersecurity training.

Some HR departments operate under the incorrect assumption that an HR back office cloud service provider is automatically responsible for employee data breached or exposed. In fact, should lax security measures or a breakdown in security protocols of an HR cloud or an IT service provider allow cybercriminals to steal employee data or breach personal information, the company that owns the data — and by extension the HR personnel responsible for the data — will incur the obligations (and expense) for notifications, credit monitoring and other issues.

In other words, just because a company hands over data to a cloud service provider doesn’t reduce or eliminate its liability. This is an emerging contractual issue that HR, legal and the C-suite need to work together to address in all HR IT service contracts.

The costs to notify, provide credit monitoring and hire third-party forensics experts can be staggering, potentially costing millions of dollars in the event of a successful cyberattack. Additionally the resulting business interruption expense could force small to medium-sized businesses to close.

Given the growing financial exposure and traditional duties in human resources (e.g., screening new employees, onboarding, training and the administration of sensitive HR data), HR must incorporate comprehensive cyber risk management practices across the enterprise. This is crucial; the study by IBM shows more than 20 percent of data breaches at work can be attributed to careless employee mistakes.

HR Roles Need to Evolve

The IBM report urged key executives in human resources, finance and marketing departments to be more proactive in security decisions, coordinate plans internally and to be more engaged in cybersecurity strategy and execution with the C-suite and IT.

This means HR personnel should not only stay abreast of proper security processes when it comes to accessing sensitive employee data, but they should be able to communicate updates about cyber threats effectively to the enterprise, to current and new employees, and contractors.

For example, during the onboarding process of a new employee, HR personnel can begin cyber risk education by delineating corporate policies on email sharing, network access, social media policies, what to do if there is even a doubt about the veracity of an emailed instruction, and company best practices on the use of cybersecurity tools. On a continuing basis, HR departments can facilitate cyber risk-focused internal communications to employees, particularly when the information relates to cyberattack prevention and training against emerging threats.

Another crucial emerging HR responsibility is ensuring that proper steps are taken to prevent former employees and contractors from continuing to have access to corporate networks. While this requires HR and IT to be aligned in real-time to minimize lag that could allow for a security exploit, the threat is real — a survey by Heimdal Security found that nearly 60 percent of fired employees steal important corporate data, including HR data, after departing their position.

Given their growing importance on the front lines in the war on cybercrime, it is imperative for HR professionals to evolve in their roles and become valued security partners within their organizations.

As HR systems incorporate new technologies, HR and IT, along with senior enterprise management, must partner together strategically to combat cyber threats. We’re all in this together now.

 

AUTHOR:  Paul King is senior vice president and national cyber practice leader in USI Insurance Services’ Dallas office.

Reprinted from Workforce

 

Filed Under: Articles Tagged With: , , ,

Is Your Cybersecurity Team Complete?

Cybersecurity is a growing concern for any organization. Thanks to the vast development of communication networks and technology that enables firms to track and store data more easily, every enterprise is vulnerable to the possibility that their data could be hacked — a risk that could come at a high cost.

The rise of such a threat has created a new market for jobs related to cybersecurity. According to a report from technology company Cisco Systems Inc. cited in Forbes earlier this year, global demand for jobs in the field is projected to grow by six million by 2019. Moreover, the U.S. Bureau of Labor Statistics shows that the annual median pay for an information security analyst, a common cybersecurity role, is $88,890. Earnings in the top 10 percent of the field surpass $140,460.

Most firms are unprepared for the cybersecurity threat. According to DHR International, an executive search firm based in Chicago, 75 percent of U.S. organizations are not ready to respond to a threat, even though there was a 64 percent increase in security incidents just in 2015. “The trends in this business are getting forever more technical and forever more important,” said Pete Metzger, DHR’s vice chairman. “No one is immune to this stuff.”

For companies interested in building out their cybersecurity teams, there are a few different roles that experts say they should consider:

•  Chief Information Security Officer: This high-level role is for someone who thinks broadly about risk and who has the technology acumen and communication skills to convey technical concepts in business language to an organization’s board or audit committee, according to Joyce Brocaglia, president and CEO of Alta Associates Inc., an executive search firm specializing in cybersecurity and IT risk.

•  Threat Intelligence and Security Operations Center, or SOC, Professionals: According to DHR International’s Metzger, these workers make sense of a cyberthreat. SOCs are centers for mitigating threats.

•  Product Development and Security Software Developers: These roles develop new products to defeat a cyberthreat, Metzger said.

•  Cybersecurity Policy Roles: These roles can be found in think tanks and research institutions, according to Jennifer McArdle, assistant professor of cybersecurity at Salve Regina University in Newport, Rhode Island, and nonresident fellow at the Potomac Institute for Policy Studies. People who work in cybersecurity policy aim to build awareness or provide guidance for the industry.

•  Digital Forensics Roles: When a breach occurs in a network, people in digital forensics roles identify how the access happened and gather additional evidence to mitigate against similar attacks in the future, McArdle said.

Despite the rise in demand for cybersecurity roles, supply remains tepid. This means executives looking to staff a team in the field should be prepared for a competitive recruiting process. “Those that can do [cybersecurity] well can kind of call their own shots in terms of executive roles and next assignments,” DHR International’s Metzger said.

Metzger offered executives three pieces of advice to remain competitive when hiring for cybersecurity roles:

  1. Identify the organization’s unique and most significant cybersecurity threats.
  2. Be prepared to define the specific qualities needed for cybersecurity jobs.
  3. Be prepared to offer generous compensation. The investment is likely to be at a lower cost than that of a cybersecurity breach.

For more on the background and history of cybersecurity, visit NATO’s website, which has a detailed timeline of the field.

Reprinted from Talent Economy

 

Filed Under: Articles Tagged With: , ,

3 Steps for Training Tech-Inexperienced Employees

Companies know that the quicker they can get their teams to adopt new technology, the faster they’ll be able to reap the benefits of increased productivity, better customer service, higher sales, and smarter decision-making.

But getting a whole team on board with new tools isn’t always easy. Invariably, some will welcome change, but there also will be those who prefer to stick to the old way of doing things.

Then there are those whose experience with technology is limited. For these employees, tailored and effective training becomes key. Studies show that good training can increase employee productivity and retention, and when you’re onboarding employees whose knowledge of tech is scant, it’s essential they learn without fear and intimidation. By showing them how new technology will make their work lives easier and more productive, they will learn to understand its value and adapt quicker.

We have found that by making these three steps part of your training, you can get the technology-uninitiated on board with relative ease.

1.Take a Multi-Faceted Approach. Many companies take a one-size-fits-all approach to training. But just as every person learns differently, no one person receives, retains, and embraces training in the same fashion. There will be those who thrive in a creative environment, while others who prefer structure and process.

There will be the “Show Me” learners, who learn best through visual demonstration; “Do It With Me” learners, who need a face-to-face opportunity to see the training materials in person, and the ability to ask questions of an in-person facilitator; and the “Let Me Do It” learners who thrive on exploring the new technology by themselves at a comfortable pace. Obviously, holding three different training sessions is costly and time-consuming, so the best training is done with a blended learning approach.

For example, we start with a walk-through of the technology, with a visual of the system shown on a big screen for the “show me” learners. Then we walk them through the process on their own devices for the “do it with me” learners. Finally, for the “let me do it” learners, we provide time to explore the new system on their own.

2. Make It Applicable. Whether you’re teaching employees to create a basic Excel spreadsheet or to use a sophisticated customer relationship management (CRM) system, your employees need to have a stake in the game. They need to know how the new technology will benefit them personally. There are many ways to achieve this. Start by using authentic true-to-life systems, with actual data applying directly to their role within the company.

Incorporate authentic scenarios and demonstrate how the technology applies to each scenario. Training employees based on a “day in their life” will center any learning development around actual practical usage of the technology.

Personalizing the software will provide your tech-inexperienced employees a sense of comfort in adapting to change. For example, if they are department store customer service reps training to use a point-of-sale (POS) system, include inventory available in-store and devise possible authentic scenarios the employee might encounter when using the software. Similarly, if they are new sales reps training on routing software, include actual streets and places of business in the area where they work.

We use what we call “training in production,” which means during training, employees have access to the exact system they will use after training. Once they complete the learning initiatives, we reset their production environment so they can maintain everything that is 100 percent unique to them. Not only does this help authenticate the training experience, but once they begin using the software on the job, they have all of their data in a recognizable format.

3. Simplify, Simplify, Simplify. Employees starting on a new technology may face a lot of uncertainty. If the training seems highly complex and deeply unfamiliar, their ability to adapt can shut down. This is especially true for those uncomfortable using new technology to begin with.

So simplify the process. Remember, the technology language the experts in the field use will seem like a foreign language to newcomers. So once you have written your training lessons and developed your documents, re-read them. Ask a non-tech employee to review and point out words or phrases that are complicated and not understandable by the everyday user. Then go back and rewrite.

Then, build off what your employees already know. We call this “scaffolding”—taking prior knowledge and building on its foundation. Start with something familiar—such as how to use a smartphone—and demonstrate how those basic concepts apply to the new tech. Once they see similarities they are comfortable with, it is much easier to introduce the next layer of knowledge.

Finally, once the training is over, it’s important to keep open the lines of communication and continually review and revisit your training plan, especially if you find some employees are still struggling with some concepts. Employees need to feel confident in their ability to succeed. Spending time on proper training and follow-up reinforces this principal, and ultimately lowers a company’s path to value.

 

AUTHOR:  Thomas Buckley is the CEO of StayInFront, a leading global provider of mobile, cloud-based field force effectiveness and customer relationship management solutions for consumer goods and life sciences organizations.

 

Reprinted from Training

Filed Under: Articles Tagged With: , ,

Pin It on Pinterest