Mimecast security awareness training for employees: getting it right
For CISOs, it's a troubling statistic: more than 90% of security breaches involve some level of human error. That means that even with the best security defenses in place, an employee's mistake can still result in a security breach that can bring an organization to its knees.
That's why security awareness training for employees is so critical, and why so many organizations have collectively poured billions of dollars into training programs. But despite this focused effort on educating employees about security threats, organizations today are even more likely to get hacked then they were just a few years ago.
At Mimecast, we think we know why: most security awareness training for employees is deadly dull. The subject of security best practices isn't terrifically interesting to start with, and if information security awareness training sessions are equally boring, employees won't engage and they won't learn.
That's why we've created something different: security awareness training for employees that uses humor and entertainment to keep employees engaged and drive home critical security lessons.
How Mimecast security awareness training for employees is different
Mimecast Awareness Training takes a completely different approach from other training products.
- It's funny. Humor is one of the most effective tools in education. It keeps audiences engaged and creates a positive attitude toward training sessions. Our security awareness training for employees features short videos scripted by top comedy writers and produced by professionals from the entertainment industry. Each training module features a mini sitcom that presents security topics in a highly relatable way that employees love. Rather than dreading their training, employees actually look forward to Mimecast's security awareness training program.
- It's brief. Most security awareness training for employees makes the mistake of presenting too much information at once, overwhelming employees and preventing them from retaining critical information. Mimecast promotes web and email security awareness in short sessions that last no more than 3 – 5 minutes, making it easy for employees to master the material.
- It's frequent. Mimecast delivers security training once a month to keep security principles at the top of employees' minds and allow content to reflect the latest best practices for dealing with emerging threats.
Components of Mimecast security awareness training for employees
Mimecast cybersecurity awareness training features four components that together provide a comprehensive approach to security awareness training for employees.
- Video-based training modules provide a lighthearted look at serious security topics. Each module covers one specific security topic – from ransomware, phishing and impersonation to creating strong passwords and complying with GDPR regulations. Employees get an overview of what the threat is and how it works, what they can do about it, and the consequences of careless action for the company and themselves.
- Comprehensive testing helps to regularly evaluate employees and track their progress on security awareness. Employees are tested prior to training to set a baseline on their attitudes toward security, and they're tested every six months thereafter to measure changes in their sentiment. Testing also takes place at the end of each training module to reinforce key concepts and to gauge progress on learning. Additionally, a phish testing module provides an easy-to-manage phishing simulation program that allows you to test employees' learning with realistic phishing emails.
- Personalized risk scoring for every employee enables you to see who your riskiest employees are based on testing data and predictive modeling and on an employee's position within the company (some roles and titles are more likely to be targeted by attackers).
- Targeted remediation based on risk scores lets you commit more of your limited training dollars to the employees who represent the greatest risk to organizational security. These employees may need additional training or one-on-one coaching to instill security awareness and change their behavior.
Security awareness training that gets results
We know that Mimecast security awareness training for employees is highly engaging – employees tell us constantly how much they love our content. But what's most important is that our approach to training gets results. The table below shows how organizations on average can realize up to 4x improvement in awareness on a wide variety of security topics.
More knowledge: awareness before and after training |
|||
| THE TOPIC | BEFORE | AFTER | GAIN |
| Phishing | 33.0% | 81.2% | 246% |
| BYOD | 28.1% | 86.6% | 308% |
| Social Media | 37.7% | 80.1% | 212% |
| Passwords | 12.5% | 54.6% | 437% |
| Inadvertent Disclosure | 18.6% | 78.4% | 421% |
| Insider Threat | 17.8% | 62.6% | 345% |
| Shadow IT | 26.7% | 53.9% | 202% |
| Storage Devices | 34.5% | 88.2% | 256% |
| Reporting Threats | 17.8% | 62.6% | 345% |
| Tailgating | 27.9% | 67.2% | 241% |
FAQs: What is employee security awareness?
What is employee security awareness?
Employee security awareness refers to an understanding by employees of the wide number of cyber threats that an organization may encounter, how employees can help to mitigate them and how a mistake can lead to a major security breach.
What is the purpose of security awareness training for employees?
Security awareness training for employees is designed to educate users on security best practices that help to avoid or stop security threats from damaging the organization.
Does Mimecast offer Office 365 security and compliance training?
Mimecast security awareness training for employees covers a wide range of security topics, many of which are highly relevant to Office 365 users. These include modules on phishing, ransomware and impersonation as well as compliance with HIPAA and GDPR regulations.
