Why building security awareness is harder than it should be
Nearly all successful cyberattacks have one thing in common: an employee took an action that allowed the attack to take place. In fact, studies show human error is a factor in more than 90% of security breaches. Clearly employees need greater security awareness to protect themselves and their organization from a constantly evolving threat landscape.
One would think that information security awareness training could help to improve the situation. But after committing billions of dollars to training programs in recent years, organizations today are even more likely to experience a breach than they were four years ago.
Why is it so hard to improve security awareness? At Mimecast, we believe the issue is in the traditional approach to training. IT security awareness is not exactly a captivating subject for most people, and traditional training programs only make matters worse by being incredibly boring. How can anyone expect employees to learn or master security best practices when they're having a hard time paying attention?
Mimecast solves this problem with a security awareness training program that is highly entertaining and structured to make security best practices simple to learn and easy to retain.
Elements of Mimecast security awareness training
Mimecast Awareness Training is a training and risk management platform that helps you combat security breaches caused by employee mistakes. Our approach features:
- Highly engaging, video-based content. Our program features training modules centered on short, humorous videos that cover a wide variety of security topics. Each video is a mini sitcom scripted by top comedy writers and produced by entertainment industry pros. By focusing on humor and getting employees laughing, our security awareness training program keeps employees highly engaged as they learn about best practices.
- Persistent, non-invasive training schedules. With Mimecast, employees get security awareness training in 3- to 5-minute sessions once each month. Rather than inundating employees with information or asking them to carve out multiple hours from their busy schedule, our approach enables them to complete their training on a quick break. And by delivering training once a month, we keep security fresh on employees' minds and enable training topics to reflect the latest thinking about emerging threats.
- Real-world testing. At Mimecast we know that effective training requires constant evaluation. That's why our program includes sentiment surveys that gauge employee attitudes to security as well as tests after each training module to track progress and learning. We also offer a phishing training module that lets you test employee responses to realistic but non-threatening phishing emails to gauge security awareness about this dangerous and highly prevalent threat.
- Predictive risk scoring. When it comes to security awareness, every employee is different, which is why Mimecast lets you assign a risk score to every individual in your organization. Based on testing data, predictive modeling and an employee's position within the company, a risk score helps you understand where your weakest links are and which employees may need more training.
- Customized remediation. Based on risk scores, you can target specific users for one-on-one coaching or additional training to improve their security awareness and change their risky behaviors.
Security awareness topics
Mimecast security awareness training features 12 to 15 new training modules each year to keep content fresh and relevant. Current training topics include:
- Phishing awareness, teaching employees how to recognize and deal with potential phishing emails.
- Password security, including instruction on using strong passwords and avoiding personal passwords.
- Privacy issues, with instructions on how to protect the sensitive data of customers, partners, other employees and the company.
- Compliance, covering compliance for HIPAA, PCI and GDPR.
- Insider threats, instructing employees how to recognize threats that may come from inside the organization.
- CEO/wire fraud, showing employees how attackers may impersonate a C-level executive to defraud the company of thousands of dollars.
- Data in motion, helping employees understand how vulnerable data in motion is and how they can protect it.
- Office hygiene, helping employees understand the best way to protect paper, desks, screens and buildings.
Why Mimecast is your #1 security awareness asset
Mimecast security awareness training is highly effective at changing employee attitudes and behavior around critical security practices. Additional benefits of Mimecast Awareness Training include:
- Expert content. Our content is not only highly engaging, it is based on the insight and experience of some of the nation's sharpest cybersecurity minds from law enforcement, the military and the intelligence community.
- Simple management features. Mimecast's cloud-based platform makes it easy to manage all aspects of web and email security awareness training from a single console.
- Online access. Employees can complete their training online, making it easy to rollout security awareness training to a global workforce with just a few clicks.
- Proven results. Testing data shows that companies on average can increase employee security awareness by up to 400% on a wide range of topics.
More knowledge: awareness before and after training |
|||
| THE TOPIC | BEFORE | AFTER | GAIN |
| Phishing | 33.0% | 81.2% | 246% |
| BYOD | 28.1% | 86.6% | 308% |
| Social Media | 37.7% | 80.1% | 212% |
| Passwords | 12.5% | 54.6% | 437% |
| Inadvertent Disclosure | 18.6% | 78.4% | 421% |
| Insider Threat | 17.8% | 62.6% | 345% |
| Shadow IT | 26.7% | 53.9% | 202% |
| Storage Devices | 34.5% | 88.2% | 256% |
| Reporting Threats | 17.8% | 62.6% | 345% |
| Tailgating | 27.9% | 67.2% | 241% |
FAQs: What is security awareness?
What is security awareness?
Security awareness refers to an employee's understanding of the threats that face their organization and how they can help to mitigate or avoid them.
What are the elements of security awareness?
Elements of security awareness include knowledge of a wide variety of threats, an understanding of how they may encounter those threats during the workday, the best practices for mitigating threats, and the kind of mistakes they must avoid in order to protect themselves and the organization.
What is a security awareness program?
A security awareness program is a training tool that helps employees to build greater awareness and safer behavior.
Does Mimecast offer Office 365 security and compliance training?
Mimecast Awareness Training includes many topics that are relevant to Office 365 security and compliance. These include instructions in compliance for GDPR, PCI and HIPAA as well as training in how to deal with impersonation fraud, ransomware and phishing attacks.
