Information Security Awareness Training

What is information security awareness training?

Information security awareness training provides information on the many threats that employees may encounter in the workplace and the actions they may take that either mitigate threats or enable them to do damage. Security awareness training typically shows employees what threats look like, how they work, and how to best avoid or stop them.

The importance of information security awareness training for businesses

When it comes to your employees, promoting IT security awareness is business-critical for one simple reason: more than 90% of security breaches involve human error. That means your greatest assets – your people – are also one of your biggest security risks.

Ransomware and phishing attacks are getting more and more sophisticated. It takes a trained eye to know what to look for in a suspicious email, and many people don’t know what they don’t know about information security. It’s imperative to provide them with some form of training.

Many organizations have dumped a lot of money into security awareness training in an effort to instill greater IT security awareness among users. Unfortunately, the ROI on these efforts is usually disappointing. Most security awareness training for employees fails to change behavior, and it's not hard to see why: training is usually boring. It's often packaged in long, tedious sessions that employees dread – or worse, avoid – and once it's over, best practices are soon forgotten.

That's why Mimecast decided to turn IT security awareness training on its head. Rather than run-of-the-mill security awareness courses that read like a PowerPoint presentation, we've developed massively engaging, video-based training that uses one of education's most powerful tools: humor. Simply put, our stuff is hilarious. With the help of top talent from the entertainment industry, we've put together a series of mini sitcoms that mix a little learning with a lot of laughs. Employees don't just like our IT security awareness courses – they love them, and they ask for more.

To avoid information overload, we deliver IT security awareness courses in 3- to 5-minute modules that employees engage with roughly once each month. That keeps learning fresh and makes sure that IT security awareness is continually on their radar.

Elements of Mimecast information awareness training

Mimecast Awareness Training was developed by cybersecurity leaders from the military, law enforcement and the intelligence community. The program instills IT security awareness by focusing on four things.

• Engaging content. People won't learn anything if they're not engaged in the content, which is why most IT security awareness courses fail. Mimecast's short and highly entertaining video content keeps employees involved in their security education – they're continually learning without even realizing it.
• Constant testing. Sentiment testing conducted before training is delivered establishes a baseline about how seriously each employee takes security threats and feels prepared to cope with them. Testing after each training module reinforces key concepts and tracks retention and behavioral change. And phishing tests – complete with real-world templates of phishing emails – put your employees' learning to the test and helps you identify weak links.
• Personalized risk scores. With Mimecast IT security awareness training, everyone from the C-suite to front line employees gets a personalized risk score based on training data, sentiment surveys and additional data from the Mimecast grid. Risk scores help you understand which users pose the greatest risk your company, which employees or departments are avoiding training, and who may be most likely targeted by attackers.
• Targeted learning. With intelligence gleaned from personalized risk scoring, you can customize training to target your highest risk employees. That may mean providing one-on-one coaching, delivering additional or more frequent training, or adjusting system permissions for those who don't respond well to training.

Are you doing information security awareness training right?

Information security awareness training is designed to address an organization's weakest security link: human beings. Studies show that human error is involved in more than 90% of major data breaches. With the average breach costing more than $4 million to remediate, it makes sense that organizations of all sizes have invested heavily in cyber awareness training.

The problem is, most awareness training programs simply don't work, for several key reasons:

• They're long, dry and boring, making it hard for employees to pay attention.
• They're delivered too infrequently, making it difficult to remember best practices.
• They're punitive, leaving employees feeling targeted rather than supported.

When employees aren't engaged – or worse, when they're resistant – they simply won't learn. That's why Mimecast has built an information security awareness training program that features the educator's secret weapon: humor.

Wrapping information security awareness training in humor

Mimecast's cyber security training courses are different than anything you've ever seen. For starters, they're funny. Not groaner-pun, dad-joke funny, but genuinely hilarious. They're created by real comedy writers and entertainment industry pros and presented as mini sitcoms that employees actually look forward to watching.

 We chose funny over boring because – surprise, surprise – funny works better. People pay attention, they get invested and, in the process, they learn. Any educator can tell you: humor works with students of all ages, driving long-term memory retention and higher learning results.

Another radical difference in Mimecast information security awareness training: short training modules. Each session covers a single topic and is no more than five minutes long, enabling employees to easily absorb critical security best practices. And rather than making employees sit through hours of training at a time, we deliver short doses every month to keep learning fresh and security top of mind. Busy employees can complete their monthly training in just a few minutes, making it a welcome break rather than a dreaded hours-long event.

How Mimecast information awareness training works

In addition to massively entertaining, video-based training modules, Mimecast employee security awareness training includes:

• Phishing testing capabilities. Mimecast's easy-to-use phishing training tests and tutorials are fully integrated into the Mimecast Awareness Training platform. These template-based tests use real-life examples – everything from phony promotions and package tracking to password resets and fake news – to test your employees' awareness of phishing techniques and their handling of phishing emails.
• Sentiment and progress testing. We test the sentiment or attitudes of each employee prior to the start of any testing, and retest the same metrics every six months. We also test immediately after each training module to measure progress in the employees understanding of best practices.
• Predictive risk scoring. Rather than treating all of your employees the same, Mimecast understands that some employees are much greater risks than others. We assign personalized cyber risk scores to every individual based on testing data, participation in or avoidance of testing, and anonymized data from multiple industries, clients and the Mimecast grid.
• Customizable, targeted training. Knowing every employee's risk score allows you to target training resources to the people who need it most. That may mean requiring additional training for some or one-on-one coaching for others. And when a higher risk score persists, you may adjust system permissions to better protect your organization.

Why Mimecast should be your IT security awareness partner

Beyond delivering clear and measurable results, there are many reasons to choose Mimecast for IT security awareness training.

• The best content – period. Our security awareness training courses are outright funny – employees can't wait to see the next episode. Our courses offer expertise developed by leading cybersecurity minds, including a former director of the FBI and a former CSO for AT&T. And our training content is comprehensive, covering everything from password and email security awareness to targeted threats like phishing and ransomware to compliance topics on PCI, GDPR and HIPAA.
• Targeted campaigns. Mimecast lets you target the individuals and groups who will represent the greatest risks in your organization. Rather than a "spray and pray" approach, you can make the most of your limited resources, enabling IT security awareness training to have a greater impact than ever before.
• Online delivery. Mimecast IT security awareness courses are delivered via a web browser, enabling you to manage awareness training for a global workforce with just a few clicks.
• Integrated, comprehensive cybersecurity solutions. Mimecast Awareness Training can be seamlessly integrated with Mimecast's suite of solutions for email security, web security, information archiving and business continuity, providing a single, cloud-based solution that addresses all of your cybersecurity needs.