What is security awareness training and why is it important?
Security awareness training is a strategy used by IT and security professionals to prevent and mitigate user risk. These programs are designed to help users and employees understand the role they play in helping to combat information security breaches. Effective security awareness training helps employees understand proper cyber hygiene, the security risks associated with their actions and to identify cyber attacks they may encounter via email and the web.
Why do your employees need security awareness training?
Research suggests that human error is involved in more than 90% of security breaches. Security awareness training helps to minimize risk thus preventing the loss of PII, IP, money or brand reputation. An effective awareness training program addresses the cybersecurity mistakes that employees may make when using email, the web and in the physical world such as tailgating or improper document disposal.
Use phishing tests to increase security awareness
- Use real-life de-weaponized attacks, or our realistic single-page and multi-page templates which cover everything from phony promotions and package tracking to fake news and password resets due to unauthorized logins.
- Quickly customize your phish text and landing pages to reflect anticipated attempts against your employees.
- Specify which employees will receive your phishing email tests, which templates they'll receive, and when you want to launch.
What are best practices for how to approach awareness training?
Effective security awareness training focuses on engaging today’s workforce to reduce user risk. Many security awareness training programs ignore education best practices, delivering training in one-off sessions that overwhelm users with information or worse, are forgettable. For training to stick, it needs to be persistent, delivered regularly in small doses, to fit employees’ busy schedules. Most importantly, positive reinforcement and humor performs better than fear-based or boring messaging to improve retention of critical security topics.
Why choose security awareness training from Mimecast?
Mimecast security awareness training is highly effective at changing employee attitudes and behavior around critical security practices. Additional benefits of include:
- Expert content. Our highly engaging cybersecurity awareness training content is professionally produced by veterans of the television industry and developed by the insight and expertise of former law enforcement, military and CISOs.
- Simple administration. Mimecast’s cloud-based platform, Mime|OS, makes it easy to manage policies and users for web, email security and awareness training within a single console.
Components of Mimecast's security awareness training
Created by top leadership from the US military, law enforcement and intelligence committee, The Mimecast Awareness Training platform combines a highly effective methodology with predictive analytics to address your most pressing security vulnerabilities.
Mimecast cyber awareness training is based on learning science that suggests lasting, meaningful behavioral change requires learning that is engaging, persistent and nonintrusive. It can't be boring, and it can't be a one-off exercise that takes hours out of a busy day. That's why Mimecast web and email security training uses a series of highly entertaining videos, no more than 2 – 3 minutes in length, written and produced by some of the best talent in the entertainment industry. Every few weeks, employees spend five minutes viewing a video and answering a few questions to measure progress in their security awareness.
Employees don't just "like" our security awareness training sessions, they love them. It's an entertaining break in their day that also drives home essential cybersecurity principles on a continual basis. It's also targeted – employees who need more attention based on their test results and risk scoring can receive additional training as needed.
Components of Mimecast employee security awareness training include:
- Videos - massively engaging, video-based training modules that take a best-practice, micro learning approach to security awareness training. Each video covers a security threat, what employees should do about it, what the consequences for the company and the personal impact could be if they make a mistake.
- Real-world testing – employees answer a set of questions before training to establish a baseline and then answer those same questions every six months thereafter. Employees also answer questions after each training module to assess the impact on their security awareness. You can also test your employees' awareness of best practices around phishing and spear-phishing attacks by regularly sending test phishing emails.
- Risk scoring – every employee receives a risk score based on testing and the position they hold within the company (some positions are more likely to be targeted).
- Customer mediation – based on individual employee profiles, you can direct training resources to the employees who need it most to improve outcomes and reduce risk.
Critical security awareness training topics
Mimecast Awareness Training regularly releases new training modules to keep content fresh for your users and reflect emerging security threats your organization faces. In addition to 12 to 15 annual training modules focused on information security topics, Mimecast releases monthly shorter trainings based on trending cyberattacks or season scams and specialty topics covering new data privacy regulations.
Topics include, but are not limited to:
- Phishing awareness, teaching employees how to recognize and deal with potential phishing emails
- Password security, including instruction on using strong passwords and avoiding personal passwords.
- Privacy issues, with instructions on how to protect the sensitive data of customers, partners, other employees and the company.
- Compliance, covering compliance for HIPAA, PCI and GDPR.
- Insider threats, instructing employees how to recognize threats that may come from inside the organization.
- CEO/wire fraud, showing employees how attackers may impersonate a C-level executive to defraud the company of thousands of dollars.
- Data in motion, helping employees understand how vulnerable data in motion is and how they can protect it.
- Office hygiene, helping employees understand the best way to protect paper, desks, screens and buildings.
Security awareness training results
We know employees love our security awareness training – they tell us all the time. And by testing employee awareness before and after training modules, we also know how effective our methodology is.