Nearly 95% of cyber security incidents are caused by human error. You probably know that, right? That’s why you dutifully started security awareness training with your staff. But maybe it didn’t go as well as you hoped. Maybe you sent the first test, everyone got it at once and alerted each other, and you didn’t get an accurate assessment of where your vulnerabilities might be. Maybe you had trouble getting completion on the training. Alert employees are still a critical piece of a strong cybersecurity posture, so here’s how to make security awareness training more effective.
Train on a more frequent, ongoing basis. Annual security awareness training is the bare minimum, the keyword being “bare”. Once-a-year cyber security training is not going to create vigilant, aware employees. Monthly is ideal, but even quarterly intervals will improve the security posture of your employees. This also allows you the opportunity to review training topics to ensure they reflect the types of threats your company is likely to experience and keep up with the rapidly evolving attack methods.
Set up training groups by employee role and/or function. While basic cyber safety courses are important for everyone to take, staff functions vary so vulnerabilities will vary as well. Some of your staff may need specific awareness of data privacy, data protection, and regulatory compliance, but not every employee will benefit from those topics.
Stagger phishing exercises and other random testing deliveries. Look for a tool like BullPhish ID that gives you the ability to stagger the delivery of phishing simulation emails to the intended targets over several hours and days. This will reduce the likelihood of employees warning each other of the exercise and help make the assessment more effective.
Use phishing kits that are relevant to your business and work activities. Tools like BullPhish ID offer a catalog of phishing kits so you have more flexibility in choosing training and simulations that impersonate the tools that your staff groups actually interact with regularly. Seeing simulations that match the applications they use daily (FedEx, Dropbox, etc.) will give a more accurate assessment of security awareness.
Review and share progress. We can feel a little disgruntled about taking time out of our busy days for training, especially when we don’t see the benefit. Review awareness indicators like the percentage of employees opening phishing emails, clicking through to phishing landing pages, and (worst of all) submitting their credentials, comparing the figures from before you began training with the present time. Share the progress with your teams to show that the training works and reward their diligence.
If you’re ready to implement security awareness training for your staff or if your current tool doesn’t have all these features, reach out! We can get you started with the right tool for your business and help you enable all the features that will help make security awareness training more effective.