How Often Should You Train Employees on Cyber Awareness?
So how often is often enough to improve cybersecurity awareness among your team? Training every four months has been found to be the sweet spot. Then you see more consistent results in your IT security.
So where does this recommendation to train every four months come from? A study presented at the USENIX SOUPS security conference looked at how well users could detect phishing emails as a function of how much time had passed since their last training. The training examined covered phishing awareness and general IT security.
Employees performed phishing detection tests at various intervals after the training.
The study found that four months after training, the results were still good: employees could accurately identify phishing emails and did not click on them. After six months, the results deteriorated, and the more months that passed since the initial training, the worse the results became.
To ensure employees are well prepared, they need to be trained and refreshed on security awareness. That way, they can make a positive contribution to your cybersecurity strategy.
The gold standard for security awareness training is to develop a culture of cybersecurity. This is a culture where everyone is aware that sensitive data needs to be protected. They should also avoid phishing scams and keep passwords secure.
According to the Sophos Threat Report 2021, this is not the case in most organizations. One of the biggest threats to network security is the lack of good security practices.
The report notes the following:
Well-trained employees significantly reduce a company's risk. They reduce the likelihood of falling victim to a variety of online attacks. Being well-trained does not mean a full day of cybersecurity training. It's better to vary the training methods.
Here are some examples of engaging methods from Onyx IT for training employees on cybersecurity. You can include these in your training plan:
When conducting training, phishing is an important topic, but it's not the only one. Below are some important topics to include in your training mix.
Email phishing remains the most common form. But text message phishing ("smishing") and social media phishing are also on the rise. Employees need to know what these look like to avoid falling for these sinister scams.
Many companies have moved the majority of their data and processes to cloud-based platforms. This has led to a steep rise in credential theft, since a stolen username and password is often the easiest way into a SaaS account.
Credential theft is now the most common cause of data breaches worldwide. That makes it a topic you should definitely discuss with your team. Cover the need to use strong, unique passwords and keep them secure, help them learn about tools like an enterprise password manager, and make sure they know how to use multi-factor authentication wherever the service supports it, since a stolen password alone is then not enough to log in.
Mobile devices are used for much of the work in a typical office today. They are handy for reading and responding to emails from anywhere. Most businesses today will not even consider using software if it does not have a good mobile app.
Review the security requirements for employee devices that access company data and apps. For example, require a passcode or biometric lock on the phone, and keep the operating system and apps up to date so known vulnerabilities are patched.
Privacy policies are another issue that has become more important over the years. Most companies have more than one data protection regulation with which they must comply.
Train your employees on proper data handling and security procedures. This will reduce the risk of becoming a victim of a data leak or breach, which can result in a costly penalty.
Take the stress out of training and let Onyx IT cybersecurity professionals train your team. Onyx IT can help you with an engaging training program. A program that will help your team change their behavior and improve cyber hygiene.
Article used with permission from The Technology Press.