Is online security awareness training effective?
With human error involved in more than 90% of security breaches, many CISOs have turned to online security awareness training to boost employee understanding of cyber threats and how to respond to them.
But does security awareness training really work? For most organizations, the answer is no. Despite billions of dollars spent on security awareness training programs, companies today are even more likely to experience a breach than they were four years ago.
How is this possible? To put it bluntly, most online security awareness training is dull, long and ineffective. The content is boring, making it impossible for employees to pay attention. It's time-consuming, taking employees away from their busy schedules. And it doesn't give employees a sense of individual responsibility for helping protect the organization.
Mimecast offers an online security awareness training program that addresses these flaws by taking a different approach: humorous content, delivered in short doses, with a focus on individual risk scoring.
Online security awareness training: Mimecast's approach
To enable more effective security awareness training for employees, Mimecast offers a program that is based on three priorities:
- Making content engaging. Mimecast online security awareness training videos are massively engaging. They take a serious topic like password security and they treat it with humor. Each module is a mini sitcom, scripted by top comedy writers and produced by entertainment industry pros. Employees don't just "like" our online security awareness training – they love it and they look forward to the chance to watch the next episode.
- Offering persistent training. Rather than making employees spend hours on online security awareness training, we ask them to take 3 to 5 minutes once a month. Rather than a cumbersome chore to be avoided, Mimecast makes awareness training a fresh break in the day. By delivering online security awareness training persistently but not intrusively, Mimecast helps keep security at the forefront of employees' minds.
- Fostering individual responsibility. Mimecast online security awareness training lets you evaluate the personal risk level of each employee and target training to their needs. Our content not only helps employees understand what a threat is and what to do about it, but also how it can affect the organization and how it can impact their own lives and careers.
Comprehensive tools for security awareness
The elements of the Mimecast online cybersecurity awareness training program include:
- Short training modules featuring video-based content that gets employees laughing. These highly entertaining sessions not only keep employees engaged but help to improve long-term retention of best practices and instill a positive attitude toward awareness training.
- Testing to gauge baseline attitudes and progress on learning. Before any training begins, we test to evaluate each employee's basic attitudes toward security. At the end of each training module, we test to gauge their progress and understanding of the material. The Mimecast Awareness Training platform also includes state-of-the-art tools for phishing testing to gauge your employees' reactions to realistic phishing emails.
- Risk scoring to identify your greatest areas of risk. Every employee gets a personalized risk score based on testing data, on personal behavior and on how likely they are to be attacked by virtue of their position within the company.
- Customized training based on risk scores. After reviewing employee risk scores, Mimecast lets you direct targeted resources toward your riskiest employees, helping to improve their knowledge through additional training or one-on-one coaching.
What's covered in Mimecast Awareness Training?
Mimecast online training covers a broad range of web and email security awareness topics, with 12 to 15 new modules created each year to address a changing threat landscape. Current modules in Mimecast's online security awareness training program cover topics that include:
- Phishing – helping employees to recognize possible attacks and to understand what can happen if they carelessly respond to one.
- Password security – promoting strong passwords and making sure they never use personal passwords.
- Privacy – best practices for protecting data on customers, partners, employees and your company.
- PCI, HIPAA and GDPR compliance – helping employees understand compliance requirements and how oversight or carelessness can cause a catastrophic breach.
- Ransomware – demonstrating how easy it is to succumb to an attack and how personally disastrous the consequences can be.
- CEO/wire fraud – showing what it is, what it looks like and what it feels like to be the person responsible for losing thousands of dollars.
- Data in motion – showing how data is especially vulnerable when it's in motion and how to protect it.
- Office hygiene – how to secure paper, desks, screens and buildings.
FAQs: What is online security awareness training
Security awareness refers to the understanding by employees of the various threats to organizational security, what these threats look like when encountered by a user, and how employees can take action to stop or avoid security threats.
What is online security awareness training?
Online security awareness training is an educational tool that allows employees to interact online with training modules that help to improve their awareness of threats and how to handle them.
How do you create a security awareness program?
A cyber awareness program is typically built with training and testing capabilities that allow you to educate employees about security best practices and to test their progress in mastering them. With Mimecast online security awareness training, you can quickly and easily implement a security awareness program that employees all over the world can access.
What is the best defense against phishing?
Defending against phishing attacks requires a multilayered approach to security, including technology to recognize and block potential threats in inbound email, and awareness training for employees on how to spot phishing attacks and what to do when they encounter one. Mimecast's integrated security offerings provide powerful solutions for all levels of phishing defenses.