What is security awareness training?
Security awareness training is a strategy used by IT and security professionals to prevent and mitigate user risk. These programs are designed to help users and employees understand the role they play in combating information security breaches. Effective security awareness training helps employees understand proper cyber hygiene and the security risks associated with their actions, and teaches them to recognize the cyber-attacks they are most likely to encounter via email and the web.
Why do your employees need security awareness training?
Research suggests that human error is involved in more than 88% of security breaches. Security awareness training reduces that risk and so helps prevent the loss of PII, IP, money, or brand reputation. An effective awareness training program addresses the mistakes employees may make when using email and the web, as well as in the physical world, such as tailgating or improper document disposal.
What are “best practices” for how to approach awareness training?
Effective security awareness training focuses on engaging today’s workforce to reduce user risk. Many security awareness training programs ignore educational best practices, delivering training in one-off sessions that overwhelm users with information or, worse, are forgettable. For training to be “sticky”, it needs to be persistent, delivered regularly in small doses, and fit employees’ busy schedules. Most importantly, positive reinforcement and humor perform better than fear-based or boring messaging at improving retention of critical security topics.
- Use short knowledge checks (security awareness tests) to build and maintain awareness over time.
- Use simulated phishing campaigns to measure staff awareness; track the report rate as well as the click rate.
- Use short training videos.
- Display posters in physical areas.
- Create a security newsletter that includes consumer (personal) security tips.
- Provide a way for staff to report incidents or ask questions.
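The following is an added example (not code from the original page or from any vendor's product) showing how a simulated phishing campaign can be scored once it has run. It assumes a simple event log with one record per user action (delivered, clicked, submitted credentials, reported); the users, departments and timings are constructed sample data. Besides the click rate, it computes the report rate, the share of users who reported the message without ever clicking, and the median time to report, which are the numbers that show whether the reporting channel from the last bullet is actually being used.

```python
"""Score a simulated phishing campaign from its event log.

Added example with constructed sample data; the event format and the
user/department names are assumptions, not from the original page.
"""
from collections import defaultdict
from statistics import median

# Constructed event log: (user, department, action, minutes_after_send).
# Actions: delivered, clicked, submitted (entered credentials), reported.
EVENTS = [
    ("alice", "finance", "delivered", 0),
    ("alice", "finance", "reported", 4),
    ("bob", "finance", "delivered", 0),
    ("bob", "finance", "clicked", 12),
    ("bob", "finance", "submitted", 13),
    ("carol", "eng", "delivered", 0),
    ("carol", "eng", "clicked", 30),
    ("carol", "eng", "reported", 31),   # clicked, then reported anyway
    ("dave", "eng", "delivered", 0),    # ignored the message
    ("erin", "eng", "delivered", 0),
    ("erin", "eng", "reported", 9),
]


def score_campaign(events):
    """Return campaign-level and per-department metrics as a dict."""
    # Collapse the log to one record per user, keeping the first time each
    # action was seen (a user who clicks twice still counts once).
    per_user = {}
    for user, dept, action, minute in events:
        rec = per_user.setdefault(user, {"dept": dept, "actions": {}})
        rec["actions"].setdefault(action, minute)

    delivered = [u for u, r in per_user.items() if "delivered" in r["actions"]]
    clicked = [u for u in delivered if "clicked" in per_user[u]["actions"]]
    submitted = [u for u in delivered if "submitted" in per_user[u]["actions"]]
    reported = [u for u in delivered if "reported" in per_user[u]["actions"]]
    # Reported without clicking: the behaviour the training is aiming for.
    clean_reports = [u for u in reported if u not in clicked]
    report_times = [per_user[u]["actions"]["reported"] for u in reported]

    by_dept = defaultdict(lambda: {"delivered": 0, "clicked": 0, "reported": 0})
    for u in delivered:
        d = by_dept[per_user[u]["dept"]]
        d["delivered"] += 1
        d["clicked"] += u in clicked
        d["reported"] += u in reported

    n = len(delivered)
    rate = lambda xs: round(len(xs) / n, 3) if n else 0.0
    return {
        "delivered": n,
        "click_rate": rate(clicked),
        "submit_rate": rate(submitted),
        "report_rate": rate(reported),
        "clean_report_rate": rate(clean_reports),
        "median_minutes_to_report": median(report_times) if report_times else None,
        "by_department": {k: dict(v) for k, v in by_dept.items()},
        # Users who clicked get targeted follow-up training, not punishment.
        "follow_up": sorted(clicked),
    }


if __name__ == "__main__":
    for key, value in score_campaign(EVENTS).items():
        print(f"{key}: {value}")
```

Two metrics matter most when reading the result: a low click rate with a low report rate means people are ignoring phish rather than recognizing it, and a rising clean-report rate across campaigns is the clearest sign the training is working. Treat the `follow_up` list as input for positive, targeted coaching, in line with the approach above.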