
5 Considerations to Make Before Purchasing Security Awareness Training

July 31, 2018 by Stephen Moramarco

Security awareness training courses, designed to teach employees about how to identify phishing emails and other online scams, are vital to every organization’s safety. But before you sign your company up to a program, you should think about what your company needs and whether this training will suit you.

Here are several considerations to be aware of:

The Questions

1. Is the Training Updated Regularly?

Technology changes rapidly; hackers and other cybercriminals are continuously inventing new ways to fool people into clicking links, wiring money or revealing passwords. Therefore, you need a training program that isn’t static and is always adding new information.

2. Are the Courses Fun, Interesting and Interactive?

Studies have shown that boring courses don’t connect with employees. Even if there is an interesting video, the learner could simply go and take a break while it’s playing. You need modules that not only convey the important safety messages in a compelling manner, but also include an element of interaction to ensure the material is being understood.

3. Is There a Corresponding Real-World Testing Mechanism?

Education is important, but you also need a way to see if employees are taking the information to heart. A good awareness program includes some kind of simulator that will allow you to send phony phishing emails and monitor whether the links are clicked.

4. Does It Offer Additional Security Tools?

Programs that offer email plugins that add enhancements like quarantine or dynamic filters can further your protection beyond training and testing.

5. Can It Be Monitored and Administered Remotely?

Don’t add to your paperwork — use an awareness training program that can run itself. This will allow you to focus more on the results, not the administration.

The Answer: SecurityIQ

InfoSec Institute has addressed these considerations with their award-winning platform SecurityIQ. It consists of two programs, separate but intertwined, called AwareEd and PhishSim.

AwareEd is the educational component and is constantly being updated with new content. Recently, dozens of new modules were added addressing GDPR, safe browsing, two-factor authentication, and more. Each module is designed for user engagement, with the goal of being interesting as well as informative.

To surreptitiously test your defenses, SecurityIQ includes PhishSim, a phishing simulation program. PhishSim contains dozens of templates common to many phishing scams; you can customize them, use them as-is or create your own emails from scratch. You can then automatically send them in batches to employees; anyone who clicks is sent to an educational landing page while you are notified in real time.

SecurityIQ has an advanced feature called PhishNotify Defender+ that allows administrators to remotely control the security levels of any employee’s Outlook account that matches certain criteria. This plugin can disable links while employees are in training, for example, to prevent any erroneous clicks.

Everything can be administered remotely. Once it’s set up, SecurityIQ essentially runs itself: campaigns can be sent, and employees enrolled and advanced through the courses. Real-time auto reports show you everything that is going on with your organization’s security in easy-to-understand graphics and reports.

If you are considering purchasing security awareness training, why not take SecurityIQ for a test run? Currently, InfoSec Institute is offering a one-month free trial of SecurityIQ, which includes unlimited learners and phishing campaigns. See for yourself how it can help educate and protect your company from phishing attacks.


Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.