Effective cyber security awareness training for employees
With human error playing a part in so many security breaches – more than 90%, according to a recent study – it's no wonder companies are pouring so much money into cyber security awareness training for employees.
Unfortunately, this investment in awareness training doesn't seem to be paying off. Companies today are even more likely to experience a major breach than they were four years ago. Clearly something isn't working, and at Mimecast, we think we know why.
Most cyber security awareness training for employees is, to be blunt, boring. And when employees are bored, they can't engage with the content. They're less likely to remember, let alone master, the critical best practices that could make them your greatest security asset rather than your weakest security link.
To address this problem and to solve for human error, Mimecast offers cyber security awareness training for employees that employees actually love. Our secret? Humor, brevity and persistence.
How Mimecast makes cyber security awareness training work
Mimecast's employee security awareness training programs are effective for three reasons.
- They're incredibly entertaining. Our training modules feature short videos produced by top talent from the entertainment industry. They're mini sitcoms that take a light approach to the serious topic of cyber security. Designed to get employees laughing, our training modules keep employees engaged while they absorb critical content – they don't even know they're learning.
- They're short and ongoing. Rather than cyber security awareness training for employees that packs loads of instruction into hours of content in a one-off session, we package learning in 3- to 5- minute modules that employees interact with once a month on a continual basis. Rather than a dull morning, our training is a short dose of learning that employees actually look forward to as a welcome break in their day. And by featuring new content each month, Mimecast enables you to address emerging threats and to keep security constantly on employees' agenda.
- They're focused on individuals. Often, cyber security awareness training for employees is one-size-fits-all. At Mimecast, we understand that some employees pose a much greater risk than others because of their behavior or their position in your company. Our program lets you direct training at employees who are more likely to be your weakest links, helping to get more impact from every dollar in your security awareness budget.
Components of Mimecast cyber security awareness training for employees
Mimecast provides a comprehensive approach to cyber security awareness training for employees. Our program includes:
- Highly engaging, video-based training modules. Each module is less than five minutes and provides employees with a clear understanding of the threat, best practices for responding to it, and what the consequences are for the company and themselves if they are careless about security. Topics in our web and email security training modules include a wide range of subjects, including phishing, ransomware, passwords, CEO fraud, information protection and insider threat awareness training, as well as compliance-related topics such as HIPAA, PCI and GDPR awareness training.
- Real-world testing. Testing prior to training (and every six months thereafter) provides data on employees' initial sentiment and evolving attitudes toward security. Testing after each module helps to chart progress and document employees' understanding and behavior around each security topic.
- Predictive risk scoring. Mimecast assigns every employee a personalized cyber risk score based on their testing data, behavior and predictive modeling built on anonymized data from the Mimecast grid. Risk scoring helps you identify your greatest security risks so you can take action to remediate them.
- Customized training. Mimecast lets you assign additional resources for your riskiest employees, providing them with additional training and/or one-on-one coaching. By directing more training resources to your greatest risks, Mimecast helps you stretch the impact of your training dollars.
Security awareness training that gets results
We know that Mimecast security awareness training for employees is highly engaging – employees tell us constantly how much they love our content. But what's most important is that our approach to training gets results. The table below shows how organizations on average can realize up to 4x improvement in awareness on a wide variety of security topics.
We know that Mimecast security awareness training for employees is highly engaging – employees tell us constantly how much they love our content. But what's most important is that our approach to training gets results. The table below shows how organizations on average can realize up to 4x improvement in awareness on a wide variety of security topics.
More knowledge: awareness before and after training |
|||
| THE TOPIC | BEFORE | AFTER | GAIN |
| Phishing | 33.0% | 81.2% | 246% |
| BYOD | 28.1% | 86.6% | 308% |
| Social Media | 37.7% | 80.1% | 212% |
| Passwords | 12.5% | 54.6% | 437% |
| Inadvertent Disclosure | 18.6% | 78.4% | 421% |
| Insider Threat | 17.8% | 62.6% | 345% |
| Shadow IT | 26.7% | 53.9% | 202% |
| Storage Devices | 34.5% | 88.2% | 256% |
| Reporting Threats | 17.8% | 62.6% | 345% |
| Tailgating | 27.9% | 67.2% | 241% |
More knowledge: awareness before and after training
Phishing tests gauge employees' security awareness
Mimecast's phishing simulation tools are integrated into the Mimecast Awareness Training program to make phishing tests simple to implement and manage. In under 10 minutes, you can set up and launch phishing tests based real-world examples – including phony promotional, package tracking and password reset emails – with total control over sequencing, content and timing. Test results combined with data from phishing tutorial modules can help you further evaluate the risk profile of individual employees.
Cyber Security Training for Employees FAQs
What is cyber security awareness?
Cyber security awareness refers to employees' understanding of the nature of cybersecurity threats, how threats can jeopardize organizational security, and what employees should do if they encounter a threat.
What is employee security awareness?
Employee security awareness refers to an understanding by employees of the wide number of cyber threats that an organization may encounter, how employees can help to mitigate them and how a mistake can lead to a major security breach.
What is employee security awareness training?
Security awareness training is a program that educates employees about the best practices for handling cyber threats as well as the behaviors that can jeopardize personal and organizational security.
Why is cyber security awareness training for employees important?
Cyber security awareness training for employees helps to address one of the biggest factors in major security breaches: human error. By training employees how to recognize and respond to cyber threats, organizations can dramatically improve their security posture and cyber resilience.
Can Mimecast help with Office 365 security and compliance training?
Yes. Mimecast Awareness Training provides education on a broad variety of topics for security and compliance in Office 365, including the danger of phishing emails, ransomware and CEO fraud as well as HIPAA, PCI and GDPR compliance.
How many hours of training does an employee need?
The number of hours of training to successfully educate employees in security awareness depends on the individual. Some employees will learn much more quickly than others. That's why Mimecast Awareness Training provides individualized risk scores for employees that lets you determine how effective training has been for each individual and to provide additional training or one-on-one coaching when necessary.
