By Paresh Patel, Carbyne CISO
With cyber threats increasing in scale and sophistication, comprehensive and ongoing cybersecurity training is essential for ensuring PSAP employees at all levels can help identify and mitigate risks. When developing training programs, PSAPs should focus on the following.
Cover fundamental topics like identifying phishing attempts, using strong passwords, practicing safe web browsing, and reporting suspicious activity. Refresh this baseline knowledge annually to establish a culture of security awareness. Update core concepts as threats evolve.
Get buy-in from leadership and make training mandatory for all employees from call takers to IT staff. Emphasize that cybersecurity is everyone’s shared responsibility, not just IT’s.
Incorporate role-specific training to provide the specialized knowledge each job function needs. For example, 911 dispatchers may need training on radio encryption and access controls for CAD systems. Network administrators need education on technologies like firewalls, intrusion detection, and vulnerability scanning.
Make training engaging, hands-on, and relevant. Use real examples and simulations of hacker techniques. Let staff attempt to phish their coworkers with fake emails to learn how convincing attacks can be. Tie training directly to employees’ daily responsibilities like securing workstations and mobile devices.
Evaluate comprehension with quizzes, audits of workstations, and exercises like phishing simulations. This identifies knowledge gaps so that additional training can target those weaknesses. Consider cybersecurity tabletop exercises that walk through hypothetical attack scenarios.
Keep training up to date by subscribing employees to trusted cybersecurity resources like CISA bulletins, MS-ISAC alerts, and outage reports on major incidents. Use news headlines about data breaches or ransomware as teachable moments. Assign cybersecurity newsletters as informal reading.
Extend training to third parties like software vendors who access PSAP systems remotely. Make cybersecurity education mandatory for contractors and consultants. Limit network and system access for those who have not completed training.
Document all training activities including policies, procedures, and individual completion records. This demonstrates PSAPs’ due diligence and shows that cyber education is taken seriously across the organization.
Continuous, multimedia training that blends online learning, in-person classes, games, newsletters, and real-world practice is most effective at building a mature culture of security awareness and vigilance across PSAPs. Ongoing education prepares employees to help PSAPs adapt defenses before threats become attacks.