“One of the most effective ways you can minimize the phishing threat is through awareness and training. You create a network of human sensors that are more effective at detecting phishing than almost any technology.”
Lance Spitzner, Training Director at the SANS Institute
Proven best practices for Security Awareness Training are designed to add a layer on top of existing firewalls. The goal is to establish an effective human firewall of informed, educated and phish-savvy employees. Security Awareness Training addresses the most common cyberthreats by influencing behaviour and fostering a security culture:
Improve Protection: Prepare employees to recognize and neutralize social engineering attacks, like phishing.
Strengthen Resilience: Empower employees to identify cyber risks and report mistakes that could expose sensitive data.
Achieve Compliance: Deliver security awareness training for regulatory compliance.
We can help you
We can plan and implement a Security Awareness Training program for you, or we can provide direct access to world-leading awareness training providers so you can run your own programs.
We have two globally leading partners offering this service:
KnowBe4 is the world’s largest integrated platform for security awareness training combined with simulated phishing attacks.
They provide the full suite of Security Awareness Training, Coaching and Testing.
Reach out to discuss a demo, discuss options, or obtain pricing. Alternatively, if you want to control your own destiny, click on the link below and try a safe phishing test in your organisation right away.
Arctic Wolf are a market leader in Security Operations.
Managed Security Awareness customers are provided a content track designed to engage employees multiple times per month with fresh and relevant topics. Role-based lessons are specifically designed to prepare highly targeted roles within organizations.
Download the data sheet and reach out for more details, pricing and to schedule a trial.
Top Ten Best Practices for Security Awareness Training
1. Comprehensive Programs Work
Most security awareness programs are superficial at best. They may include some sensible actions, but they don’t dovetail into a coordinated and comprehensive program. What is missing is an appreciation of the adversary being faced and the degree of commitment an organization has to have to stave off attacks.
2. Develop a Coordinated Campaign
Training on its own, typically once a year, isn’t enough. Simulated phishing of personnel on its own doesn’t work. But together, they can be combined to greatly increase effectiveness.
3. Baseline Phishing Susceptibility
It is vital to establish a baseline on phishing click-through rates so you know the percentage of users who open malicious emails prior to awareness training campaign commencement.
4. Gain Executive and IT Buy-In
To be effective, top executives and IT managers must be on board, so extensive briefings before and during a training program are a must. Briefings are needed in advance to secure finance approval, but it should never end there. Prior to beginning a phishing simulation project, communicate with executives and iron out all political or sensitivity issues in advance.
5. Conduct Random Phishing Attacks
If simulations are sent on a predictable schedule, employees get used to the campaign, learn to watch out for it every Monday morning and thereafter continue as normal. What you end up with is a simulated phishing initiative that has little or no impact on employee gullibility.
6. Personalize Emails
Personalized emails are more believable. Another tactic is to split phishing emails into groups, such as by department, or to tie phishing emails to topical or popular events.
7. Don’t Expect Miracles
Phishing victimization rates generally fall from the 10-25% range to about 2%. Getting below that point is extremely difficult. Continuation of the campaign can keep results at or below that level.
8. Avoid Witch Hunts
A common concern about simulated phishing is that the results could be used in witch hunts. Therefore, never use results in this way or bring them up in annual reviews. It is best to keep results general and use them to correct and train the organization as a whole, as opposed to singling out specific individuals.
9. Continue to Test Employees Regularly
Even when testing confirms that phishing susceptibility has fallen to nominal levels, continue to test employees frequently to determine if anti-phishing training remains effective. The bad guys are always changing the rules, adjusting their tactics and upgrading their technologies.
10. Provide Thorough Security Training
The best Security Awareness Training is interactive, balances theory and application, is continually updated, and is based upon thorough insight into how cybercriminals operate. It should make sure employees understand the mechanisms of spam, phishing, spear-phishing, malware, ransomware and social engineering, and are able to apply this knowledge in their day-to-day jobs.
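As an added example (not code from this page or from either vendor named above), the following Python sketch turns practices 3, 5, 6 and 8 into a small reporting routine: it computes a baseline click rate, reports only per department with a minimum group size so results are never tied to individuals, classifies progress against the roughly 2% floor, and picks randomised business days for sending simulations. The sample results, the five-person threshold and all function names are assumptions.

```python
import random
from collections import defaultdict

# Constructed sample results from one simulated-phishing round (not real data):
# (user_id, department, clicked_link)
SAMPLE_ROUND = [
    ("u001", "finance", True), ("u002", "finance", False), ("u003", "finance", True),
    ("u004", "finance", False), ("u005", "finance", False), ("u006", "finance", False),
    ("u007", "sales", False), ("u008", "sales", True), ("u009", "sales", False),
    ("u010", "sales", False), ("u011", "sales", False),
    ("u012", "hr", True), ("u013", "hr", False), ("u014", "hr", False),
]

MIN_GROUP_SIZE = 5   # assumed reporting threshold: smaller groups are suppressed
TARGET_RATE = 0.02   # the ~2% floor the page describes as realistic

def click_rate(results):
    """Overall click-through rate for a round (the baseline on the first round)."""
    if not results:
        return 0.0
    return sum(1 for _, _, clicked in results if clicked) / len(results)

def rate_by_department(results, min_size=MIN_GROUP_SIZE):
    """Per-department rates; groups below min_size are reported as None so that
    no individual can be identified from the aggregate (practice 8)."""
    groups = defaultdict(list)
    for _, dept, clicked in results:
        groups[dept].append(clicked)
    return {d: (sum(c) / len(c) if len(c) >= min_size else None)
            for d, c in groups.items()}

def campaign_status(baseline, current, target=TARGET_RATE):
    """Classify a round relative to the baseline and the ~2% target (practice 7)."""
    if current <= target:
        return "at_target"
    if current < baseline:
        return "improving"
    return "no_improvement"

def random_send_schedule(n_rounds, window_days, seed=None):
    """Pick n distinct business-day offsets (0 = a Monday) inside the window so
    there is no fixed 'every Monday morning' pattern for staff to learn (practice 5)."""
    business_days = [d for d in range(window_days) if d % 7 < 5]
    rng = random.Random(seed)
    return sorted(rng.sample(business_days, n_rounds))

if __name__ == "__main__":
    base = click_rate(SAMPLE_ROUND)
    print(f"baseline click rate: {base:.1%}")
    print("by department:", rate_by_department(SAMPLE_ROUND))
    print("send days:", random_send_schedule(4, 90, seed=7))
```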
Need More Convincing?
Not convinced of the need for Security Awareness Training, or need some evidence to support a business case? Download the Root Cause of Ransomware report.