A better way to do employee security awareness training
When you look at what went wrong after a major data breach, you'll inevitably find one common theme to most cyberattacks: human error. Some employee at some point in the process took an action that could have been avoided – and that made the attack possible. In fact, employee mistakes are involved in more than 90% of major data breaches.
Employee security awareness training should be able to stop this unfortunate trend. But most security awareness programs are ineffective. Despite committing billions of dollars to cybersecurity awareness training, organizations today are more likely to experience a breach than they were four years ago.
Here's the problem with most employee security awareness training: it's almost always boring, time-consuming and overwhelming. Critical learning is packaged in sessions that go on for hours, that inundate attendees with information, and that simply can't keep employees' attention. It's a recipe for education disaster.
At Mimecast, we offer another, far more effective option for employee security awareness training: highly entertaining training videos, packaged in easily digestible learning modules that take less than five minutes to complete, and delivered once a month on an ongoing basis.
Simply put, it works. Humorous content keeps employees alert and engaged. Short training modules make it easy to understand and digest critical subjects. And monthly training sessions make security an ongoing priority for employees at every level.
What's included in Mimecast employee security awareness training?
Mimecast employee security awareness training achieves behavioral change by focusing on four things:
- Engaging content. Our training videos aren't just mildly diverting – they're outright funny. They're mini sitcoms, written and produced by top talent from the entertainment industry, that cover a serious security topic with recurring comic characters that audiences come to know and love. Rather than rolling their eyes at security awareness training, employees actually look forward to these short, hilarious segments each month.
- Testing progress. We test employee attitudes toward security before any training begins and then every six months after. We also test employee knowledge of concepts in each training module, with questions that reinforce learning and help measure progress. And we facilitate phishing testing to help you better understand which employees are engaging in risky behavior.
- Risk scoring. Mimecast's predictive, personalized risk scoring assigns each employee a level of risk based on their testing data, on surveys about their attitudes toward security, and on other data from the Mimecast grid.
- Customized learning. One of the biggest advantages of Mimecast employee security awareness training is the ability to focus your resources on the greatest areas of risk. Using employees' personal risk scores, you can provide certain employees with additional training or one-on-one coaching, and you can adjust system permissions for employees who don't respond well.
Results of Mimecast awareness training
With Mimecast employee security awareness training, you can dramatically move the needle on knowledge of basic security issues. Each module takes a complex security topic and breaks it down into four critical pieces of information:
- What the threat is and how it works
- What employees can do about it
- Consequences for the company if they fail
- The personal impact of the threat on their lives and careers
While the subject matter is serious, the approach is lighthearted. With 12 to 15 new modules created each year, training stays fresh for users while covering the most critical topics in a continuously changing threat landscape.
What's covered in employee security awareness training?
Current topics covered by Mimecast Awareness Training include:
- Phishing awareness, showing employees how to recognize possible phishing messages.
- Password security, including how to set extremely strong passwords.
- Privacy training, educating employees on protecting information of customers, partners, other employees and the company.
- Compliance awareness training, covering regulatory frameworks like HIPAA, PCI and GDPR.
- Insider threat awareness training, teaching users how to recognize threats that may originate inside the company.
- Email security awareness, helping employees recognize all the ways that attackers may try to dupe them.
- CEO/wire fraud training, demonstrating what fraud looks like and how to avoid being the person who costs the business thousands of dollars.
- Data in motion, helping employees understand data vulnerabilities.
- Ransomware, showing how personally disastrous these attacks can be.
- Office hygiene, helping employees understand the best way to protect paper, desks, screens and buildings.
FAQs on employee security awareness training
What is security awareness?
Security awareness is cognizance of the broad range of cyber threats that pose a risk to the security of an organization. Security awareness includes an understanding of what the threats are, how they work, and how individuals can take actions to mitigate them.
What is employee security awareness training?
Security awareness training is a program that educates employees about the best practices for handling cyber threats as well as the behaviors that can jeopardize personal and organizational security.
Why is employee security awareness training important?
Human error is a significant cause of major data breaches. Employee security awareness training helps individuals, departments and organizations improve security by learning to avoid the mistakes that lead to security issues.
Can Mimecast help with Office 365 security and compliance training?
Yes. Mimecast Awareness Training provides education on a broad variety of topics for security and compliance in Office 365, including the danger of phishing emails, ransomware and CEO fraud as well as HIPAA, PCI and GDPR compliance.