What is Security Awareness

Security Awareness Training

Security awareness is a critical priority for CISOs in every organization. With human error contributing to more than 90% of security breaches and the average breach costing nearly $4 million to remediate, it's no wonder that organizations have invested heavily in security awareness training for employees.

Yet despite this effort, organizations today are even more likely to be attacked than they were just a few years ago. Which begs the question, is information security awareness training ineffective? If so, why? What is security awareness training failing to do?

This short introduction to IT security awareness is designed to answer these questions and introduce a new kind of online security awareness training from Mimecast.

What is security awareness?

Security awareness is a measure of employees' understanding of the threats that face their organization, how their behavior can help to mitigate threats, and how their mistakes and careless actions may lead to a security breach.

What is security awareness training?

Security awareness training is an educational program designed to improve employees' knowledge of security threats and the best practices that can help to avoid or prevent them.

What is security awareness training designed to do?

A security awareness training program is designed to familiarize employees with the nature of threats they may encounter in the workplace – how the threats work and how they may appear to an employee. Security awareness training also provides instruction on how to deal with threats as well as best practices for keeping themselves and the organization secure.

Why is traditional security awareness training ineffective?

At Mimecast, we believe traditional security awareness training misses the mark for three reasons:

1. It is boring. Cybersecurity and security best practices are not very interesting to most employees, making it hard for employees to care about security or to stay engaged in training sessions. Traditional training techniques compound this problem by wrapping critical learning in a boring methodology. When security awareness training fails to engage employees, it's difficult to impart knowledge that will be used and retained.
2. There's too much information. Many security awareness training programs overwhelm employees with information about all threats and best practices at once. This inundation makes it difficult for employees to master the information they need to practice optimal security behavior.
3. It's too intrusive. Many training sessions require employees to carve out multiple hours from their busy day to complete training sessions. This approach tends to make employees resentful of the time they are having to spend away from what they view as their "real" work, and reduces the effectiveness of training.

What is Mimecast security awareness training?

Mimecast Awareness Training is a training and risk management platform that helps organizations successfully combat human error. As a cloud-based solution, Mimecast security awareness training can be quickly and easily rolled out to employees anywhere in the world. Easily managed from a single console, Mimecast Awareness Training seamlessly integrates with Mimecast's solutions for web security, email security and information archiving to provide a comprehensive approach to enhancing cybersecurity.

How is Mimecast security awareness training different?

Mimecast Awareness Training offers a different approach to security awareness training.

• Highly engaging training modules keep users entertained with short, humorous videos that present security content in a highly relatable way. Our videos are created by top comedy and entertainment professionals from TV and cinema and feature humorous characters in mini sitcoms that cover a single security topic in each episode. Rather than dreading training sessions, employees love our content and look forward to each new module.
• Short but frequent training helps to improve employee engagement and understanding. Each training module is only 3-5 minutes, making it easy for employees to complete their training on a quick break. And new training modules are delivered monthly, enabling organizations to keep security top of mind for employees and to deal with best practices for emerging threats in a timely way.
• Continual testing enables organization to measure employee learning and to gauge employee sentiment about security, i.e., how much employees care about security and feel prepared to deal with threats.
• Personalized risk scores assigned to each employee help organizations understand where the greatest risks are and where they may need to focus training resources to address the riskiest behavior.
• Customized training for employees with the poorest risk scores enables organizations to make the most of limited training dollars by providing these employees with additional training and one-on-one coaching to remediate risky behavior.

What is the impact on security awareness of Mimecast Awareness Training?

Mimecast Awareness Training can help organizations improve security awareness on a wide variety of topics by as much as 400%.

More Knowledge: Awareness Before and After Training
THE TOPIC	BEFORE	AFTER	GAIN
Phishing	33.0%	81.2%	246%
BYOD	28.1%	86.6%	308%
Social Media	37.7%	80.1%	212%
Passwords	12.5%	54.6%	437%
Inadvertent Disclosure	18.6%	78.4%	421%
Insider Threat	17.8%	62.6%	345%
Shadow IT	26.7%	53.9%	202%
Storage Devices	34.5%	88.2%	256%
Reporting Threats	17.8%	62.6%	345%
Tailgating	27.9%	67.2%	241%