Frequently Asked Questions
What is security awareness?
Security awareness training refers to employee understanding of cyber hygiene, identifying the many ways attackers try to breach critical business systems or personal accounts, and how users play a critical role in stopping attacks to protect their organization.
Why do we need security awareness training?
Research suggests that human error is involved in more than 90% of security breaches. Security awareness training mitigates user risk by educating employees about the potential mistakes they can make and the proper procedures they need to follow when using email and the web. It promotes more secure behaviors to protect personal and organizational data.
What are best practices for how to develop security awareness training?
Effective security awareness training focuses on engaging today’s workforce to reduce user risk. Many security awareness training programs ignore education best practices, delivering training in one-off sessions that overwhelm users with information or, worse, are forgettable. For training to stick, it needs to be persistent and delivered regularly in small doses that fit employees’ busy schedules. Most importantly, positive reinforcement and humor perform better than fear-based or boring messaging at improving retention of critical security topics.
How long should a security awareness training program be?
The length of security awareness training programs varies widely. Mimecast's approach is to provide short training sessions on a monthly basis, delivering ongoing education that keeps security best practices fresh on employees' minds.
What awareness topics should an effective security awareness training program include?
Mimecast Awareness Training provides 12 to 15 modules of new information security awareness training content per year, ensuring that end users get fresh and persistent training throughout the year, with updated learning about the continuously changing threat landscape.
Our program includes security awareness training on:
- Passwords, to make sure employees use strong passwords rather than personal passwords.
- Privacy, to show how to protect personal information of employees, customers, partners and your company.
- Phishing training, to help employees recognize phishing attacks and to show what happens when they are careless about responding to phishing messages.
- PCI, to help employees ensure PCI compliance by recognizing and avoiding social engineering attacks.
- HIPAA, to help employees avoid carelessness and oversight that can lead to a catastrophic breach.
- Ransomware, to show how easy it is to succumb to an attack and how disastrous ransomware can be to companies and individuals.
- CEO/wire fraud, to show what CEO fraud and wire fraud look like and what it feels like to be the person who lost thousands of dollars for the company.
- Data in motion, to show how vulnerable data is when it's in motion, and how to protect it.
- Office hygiene, to cover best practices for securing paper, desks, screens and buildings.
- GDPR, to outline the data privacy rights that all employees must know and practice.