The way we work is changing all the time, and maintaining robust data security practices is vital. But your biggest risk may be your own employees: 90% of security breaches involve employee error, and a breach costs businesses an average of $3.86 million to remediate.
According to KnowBe4, organizations that deploy security awareness training can reduce the share of employees who fall for a simulated phishing email (their "phish-prone" percentage) from 27% to 2% within one year. Building employee awareness of cyber threats, even in a small business, ultimately protects your data, your infrastructure and your dollars.
Key Points for Effective Security Awareness Training
To ensure success in your training program, cover the following key points.
Phishing – 49% of malware is delivered by email. Train and test users to spot fake emails and landing pages. Indicators to teach include a sender address or link destination that does not match the brand the message claims to come from, unexpected attachments, pressure to act immediately, incorrect copyright dates and spelling errors.
Desktop Security – At home or in the office, educate users to lock their computers when they step away.
Wireless Networks – Treat every unknown network as untrusted. Avoid accessing sensitive information on networks you do not control.
Password Security – A strong password is where security starts. Common guidance is to build passwords from memorable phrases, require at least eight characters and mix upper and lower case; length does more for strength than forced complexity. Do not require users to change their passwords every few weeks: forced rotation encourages them to pick easier, less secure passwords and to make predictable changes such as incrementing a number. Current guidance (NIST SP 800-63B) is to require a change only when there is evidence the password has been compromised.
Malware – Train users to report suspected malware immediately. It is better to be cautious and investigate a situation than to wait or ignore it. If it is in fact malware, timing is key in minimizing the impact.
On average, employees take 30 minutes to report suspicious content. Let employees know that time is of the essence when it comes to security threats. Security awareness training reduces the number of human errors and reiterates the importance of reporting any mistake (a clicked link, an opened attachment) immediately so the damage can be contained.
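The indicators listed under Phishing above can be made concrete. The following is an added example, not code from the original presentation or from any vendor's product: a small stdlib-only checker that parses a raw email and reports the classic signs trainers teach (a display name that invokes a brand the sending domain does not belong to, a Reply-To that redirects replies elsewhere, urgency language, link text that shows one domain while the href goes to another, and risky attachment types). The brand-to-domain map and both sample messages are constructed for the example; the registrable-domain helper is a deliberate simplification, not a public-suffix lookup.

```python
"""Flag common phishing indicators in a raw email message (stdlib only)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed (illustrative) mapping of brand names, as they appear in display
# names, to the domains that brand legitimately sends from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "microsoftonline.com"}}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|verify your account|within 24 hours)\b", re.I)
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".html", ".htm", ".iso")


def registrable_domain(host):
    """Last two labels of a hostname; a rough stand-in for a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def _domain_of(address):
    """Registrable domain of an email address, or '' if it has no @."""
    return registrable_domain(address.rpartition("@")[2]) if "@" in address else ""


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw):
    """Return human-readable indicators found in the message; empty list = none fired."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, sender = parseaddr(str(msg.get("From", "")))
    from_domain = _domain_of(sender)
    # 1. Display name invokes a brand, but the sending domain is not that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and from_domain not in domains:
            findings.append(f"display name claims {brand!r} but sender domain is {from_domain!r}")
    # 2. Reply-To quietly routes replies to a different domain.
    reply_domain = _domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")
    # 3. Pressure to act right now.
    if URGENCY.search(str(msg.get("Subject", ""))):
        findings.append("urgency language in subject")
    # 4. Link text shows one domain while the href points somewhere else.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = _Links()
        parser.feed(body.get_content())
        for href, text in parser.links:
            if URL_LIKE.match(text):
                shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
                actual = urlparse(href).hostname or ""
                if registrable_domain(shown) != registrable_domain(actual):
                    findings.append(f"link text {text!r} actually points to {actual!r}")
    # 5. Attachments of types that commonly carry malware.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name!r}")
    return findings


# Constructed sample messages (not real mail) used to exercise the checks.
PHISHING_SAMPLE = """\
From: "Microsoft Account Team" <security@micros0ft-verify.example>
Reply-To: recovery@mailbox-recovery.example
To: jane.doe@corp.example
Subject: URGENT: your account will be suspended within 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in at <a href="http://login.micros0ft-verify.example/o365">https://login.microsoftonline.com</a> to keep your mailbox.</p></body></html>
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Invoice_2020.html"

<html><body>placeholder</body></html>
--b1--
"""
LEGIT_SAMPLE = """\
From: "Payroll Team" <payroll@corp.example>
To: jane.doe@corp.example
Subject: Your August payslip is available
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your payslip is in the <a href="https://hr.corp.example/payslips">HR portal</a>.</p></body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        hits = phishing_indicators(sample)
        print(f"{label}: {len(hits)} indicator(s)")
        for hit in hits:
            print("  -", hit)
```

Run as a script it reports five indicators for the constructed phishing message and none for the payroll notice. The point for training is the same one the checker encodes: none of these signals requires technical skill to verify, only the habit of reading the sender address and hovering over links before clicking.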
Types of Training
Online training – Identify a vendor that provides security training courses. This can be part of employee onboarding or quarterly training programs.
Classroom training – Monthly or quarterly “Lunch & Learns” covering various security topics help keep security top of mind.
Phishing Campaigns – Send simulated phishing emails to test and track employee performance. Use the results to identify users who need additional training and to show whether awareness is improving over time.
Drip Campaigns – Implement a regular security newsletter and signage around the office to serve as a reminder. Encourage employees to report anything suspicious immediately.
Options for Providers
You have options when it comes to tools assisting your security awareness training initiatives. Consider what types of training you wish to provide, who your audience is and the budget you will allocate to this project to help determine the tool for you.
KnowBe4 – KnowBe4 is one of the most widely used security awareness and simulated phishing platforms. Train, test and track the results of your users with its library of phishing templates and its reporting.
Mimecast – Mimecast offers a variety of protections for businesses on their cloud-based platform. These protections range from email security to malicious web activity. Their security awareness training engages employees in video modules that focus on different threats and how to respond.
Microsoft – Microsoft has a wide range of security offerings for home and office. If you use Office 365 with Advanced Threat Protection (ATP) Plan 2 (included in Microsoft 365 E5, and since renamed Microsoft Defender for Office 365), the Attack Simulator and threat tracking tools are already available to you.
Contact our trusted partners at Porcaro Stolarek Mete Partners to help determine what security awareness training could look like for you.
This post recaps the presentation from PSM Partners at the IT Roundtable on August 20, 2020. Upcoming roundtables are listed on the PSM Partners site.