Security awareness training may be different in each organization, but in essence it is training your team about cyber security threats, best practices, policies, and procedures. It involves understanding each person’s role in mitigating risks, protecting information, and handling cyber security incidents.

Every company is different and may implement their training programs differently. You can think of security awareness training like OSHA training for cyber security, but done on a continuous basis, as there are constant changes in the online landscape. There are multiple components to security awareness training, which we’ll explore below.

Awareness Training Courses

Online and in-person security awareness training courses educate employees on today’s cyber security threats and what to look for. There are new threats, vulnerabilities, and tactics that come out every day. As an everyday person, it is impossible to know everything to look out for, or to even realize the possible scams going around. Employees can’t stop something they are not aware of. That’s where security awareness training comes into play.

Regular bite-sized training courses of 5 – 10 minutes are often used for continuous learning and awareness. These learning programs equip users to know what to look for and what actions to take. Some companies may incorporate their policies and procedures into these courses or manage them separately.

Quizzes

Security awareness training typically involves a quiz that an employee must pass. Employees will know what answers they got right or wrong, and why. This can allow them to grow, learn, and understand the differences in the training courses they are going through.

Based on a user’s answers, targeted training can be provided for those who may need more direction.

Phishing Simulations

Phishing simulations are often performed as part of cyber security awareness training. For the simulation, a phishing email is sent out throughout the organization. The emails do not all go out at the same time, which would make them easy for staff to flag, but at random. These are sophisticated emails that real hackers would use. However, they will get through filters, because we have told the mail servers to let them through.

This truly gives a user the opportunity to test what they have learned. If a user clicks on the phishing simulation, they are notified it is a phishing simulation and provided with an explanation of what may have been overlooked. They will also receive additional phishing simulations to provide more practice in what to look for on the job.

Performance Tracking

Cyber security training plans need tracking and reporting. Knowing who is completing courses, who is passing quizzes, and who is passing the phishing simulations is important to building a security-minded culture, as is knowing who is at a higher risk of being breached. Addressing repeat offenders may help encourage them to focus more on security awareness training.


Security awareness training is becoming more of a requirement for companies. Most compromises start with human interaction, such as a user responding to the wrong email, clicking on the wrong link, or trusting the wrong site. The best way to stop those breaches is to provide a comprehensive security awareness program to arm the organization with knowledge, so they are not the next ones to be duped.

For more information, explore ISOCNET’s security awareness training services, or contact us for a free consultation.