You have completed the annual phishing training that is part of every employee’s obligatory yearly training. The training teaches employees how to spot phishing emails, so you probably feel that everyone has been equipped with sufficient knowledge. However, 6 months later, your business is hit with a costly ransomware attack because someone clicked a suspicious link.
You may wonder why you train your employees on the same topic every year and still suffer some variation of a security incident. The problem is that you are not training your employees often enough: people need periodic reinforcement, because what was taught is easily forgotten within a couple of months.
The question is: how often is enough to improve your team’s cybersecurity awareness? According to most security training experts, the “sweet spot” is a training session every four months. Consistent reminders and reinforcement produce better security results.
Why Run a Cybersecurity Awareness Training Every 4 Months?
In a study presented at the USENIX SOUPS security conference recently, employees were asked to take phishing identification tests at several time increments. The study looked at the users’ ability to detect phishing emails versus training frequency. Employees took the test in increments of 4, 6, 8, 10 and 12 months.
The study found that scores were still good after four months but started to deteriorate after six months, and they continued to decline the more months had passed since the initial training.
Training and refreshers are required to help employees act as positive agents in your cybersecurity strategy.
Training Your Employees to Develop a Cybersecure Culture
The gold standard for security awareness training is to develop a cybersecurity culture. An organisation with a cybersecure culture is one where everyone is aware of the need to protect sensitive data, avoid phishing scams, and keep passwords secure.
According to the 2021 Sophos Threat Report, one of the biggest threats to network security is the lack of basic security practices.
Well-trained employees can significantly reduce a company’s risk. This need not be a single day-long cybersecurity training session; a mix of delivery methods works better. Below are some examples of engaging ways to train employees on cybersecurity measures:
- Self-service videos emailed monthly
- Roundtable discussion
- “Tip of the week” for security in company communications & newsletters
- Training session by an IT professional
- Simulated phishing tests
- Posters and notices on cybersecurity
Important Topics to Include in Your Cybersecurity Awareness Training
Phishing by Email, Text & Social Media
Email phishing is still the most prevalent form, although smishing (phishing via SMS/text message) and phishing over social media are also on the rise. Employees must understand how these fraudulent attempts operate so they can avoid them.
Credential & Password Security
To enhance cyber security, many organisations have moved their servers to cloud systems. This has been accompanied by a significant spike in credential theft, because obtaining protected credentials that have been shared with third parties is the simplest way to compromise a SaaS platform. Credential theft is now the primary source of breaches worldwide, so it is a topic you should address in the training. Discuss the need to protect confidentiality and the safeguards that apply to handling passwords.
Mobile Device Security
Mobile devices are increasingly used in the workplace for many different duties; they are useful for reading and responding to incoming email from any location. Ensure company mobile devices have adequate security safeguards that regulate access to company data and information. To secure personal mobile devices, workers should consider setting passcodes and passwords.
Data Security
Data privacy regulations are another area of growing importance. Many businesses have a variety of privacy rules to comply with in their activities. Train your personnel on best practices for collecting and handling data. This lessens the likelihood of a breach or leak, which can also bring the added expense of compliance penalties.
Getting Help on Cybersecurity Training
Train your staff with cybersecurity professionals. We can help you tailor-make a training program to suit your requirements. Call us today on 1300 440 444.