Building a better security awareness training program
When it comes to security awareness training for employees, finding an effective solution can be difficult. Organizations have poured billions of dollars into security awareness training programs in recent years, but their chances of getting hacked are even greater today than four years ago.
A security awareness training program is designed to address the problem of human error that so often enables or contributes to a major data breach. By making employees more aware of the threats facing the organization and what they can and should do about them, security awareness training has the potential of making employees part of a front-line defense rather than an organization's weakest links.
Most training programs, however, fail to move the needle on improving security posture because they simply don't engage employees effectively. The subject of security best practices is admittedly pretty boring material, and most programs don't do a good job of making it more palatable. And if a security awareness training program can't hold an employee's attention, there's no way it can impart knowledge effectively.
To remedy this situation, Mimecast offers a security awareness training program that is markedly different in style and methodology.
Mimecast: a security awareness training program with a sense of humor
Mimecast security awareness training programs are effective because they are funny. Seriously.
Humor changes everything. It's the best way to reach an audience, keeping them engaged rather than boring them to sleep. Humor also creates a positive attitude about training, transforming it from a dreaded chore to an entertaining break that employees actually look forward to.
Mimecast security awareness training programs are built on short training videos written by top comedy writers from TV and the movies, and acted and produced by pros from the entertainment industry. With recurring characters that employees love, each video communicates important information in a highly relatable way, keeping employees entertained while they learn about security best practices without even knowing it.
In addition to using humor, Mimecast security awareness training programs are:
- Short. Each training module is only 3- to 5-minutes in length, covering one security topic in a format that is easy to digest. With a Mimecast security awareness training program, employees can learn about security best practices on a break in their day, rather than having to carve out several hours for training.
- Frequent. With Mimecast, employees engage in a security awareness training program once a month. This keeps security themes on their radar and enables content to reflect the latest best practices for emerging threats.
- Data-driven. Mimecast security awareness training programs rely on testing to provide data on training effectiveness and progress. Employees are tested before training begins to evaluate their attitude about security, and they are tested after completing each trading module to gauge their learning and changes in behavior.
- Personalized. With a Mimecast security awareness training program, each employee is given a personalized risk score based on testing data, sentiment surveys and anonymized data from multiple sources and the Mimecast grid. Risk scores let you know which employees are most likely to engage in risky behavior so you can tailor training to address these issues.
What's covered in Mimecast's security awareness training program?
The content for Mimecast's security awareness training program is developed by security experts from the U.S. military, law enforcement and intelligence communities. Each session presents employees with information about a real threat – what it is, how it works, what to do about it and what the consequences of careless actions are. Current topics include:
Onboarding
Intro Video
Passwords
Same Password
Strong Password
Phishing
Ransomware
CEO Fraud
Wire Transfer Fraud
Vishing
Information protection
Stolen Laptop
Spoken / Sensitive Behavior
Social Media
Know Your Audience
Privileged User
Public Wi-Fi
GDPR
Data Usage and Rights
HIPAA
Social Media Posting
Reporting Breaches
Spoken Disclosure
Authenticate
Locked Screen
Data in motion
Personal Email
Unknown Media
My Cloud Storage
Email Blast / Inadvertent Leaks
Office hygiene
Use of Shredder
Physical Access - Tailgating
Clean Desk
Exposed Screen
Responsible Printing
Benefits of a security awareness training program from Mimecast
Advantages of Mimecast security awareness training programs include:
- Engaging content. Mimecast security awareness training program is unlike anything you've seen. Treating serious topics with a light touch, Mimecast training keeps employees engaged while driving home critical best practices.
- Cost-effective remediation. Personalized risk scores let you direct more of your limited information security awareness training budget to the people and departments that need it most, providing your riskiest employees with additional sessions or one-on-one coaching to improve their awareness and behavior.
- Easy management. Mimecast's cloud-based platform makes it easy to manage a security awareness training program from a single administrative console. Employees can access training via a web browser, allowing you to rollout a global security awareness training program in just a few clicks.
- Phishing tests. A phishing simulation module makes it easy to create and administer phishing tests that allow you to gauge employee responses to this common but dangerous threat.
- Seamless integration. Mimecast Awareness Training can be integrated with Mimecast's comprehensive solutions for email security, web security and information archiving to cover all of your security needs in a single solution.
FAQs: What is a security awareness training program?
What is a security awareness training program?
Security awareness training is designed to educate employees about the nature of cyber threats and best practices for mitigating or avoiding them. A training program will typically help employees understand what a threat is, how they may encounter it, and what steps they can take to avoid it or to stop it.
Why do we need security awareness training?
Human error and employee mistakes are responsible in part for more than 90% of major data breaches.
By promoting web and email security awareness, a training program can educate employees about threats and risks and ultimately change employee behavior to help better protect the organization and themselves.
How long should a security awareness training program be?
The length of security awareness training programs varies widely. Mimecast's approach is to provide short training sessions on a monthly basis, delivering ongoing education that keeps security best practices fresh on employees' minds.
Does Mimecast cover Office 365 security and compliance training?
Mimecast Awareness Training covers a wide range of topics that are critical to security and compliance in Office 365, including phishing, ransomware, CEO fraud and compliance issues for HIPAA, PCI, GDPR and other regulatory frameworks.
