[Free Guide] 12 Best Practices for Effective Security Awareness Training

September 13, 2018 by Megan Sawle

A new study from Osterman Research confirms what you already suspected: phishing attacks are on the rise, and despite advanced security controls, more and more malicious emails are hitting end users’ inboxes. Key findings include:

  • Two-thirds of organizations were compromised in the past 12 months
  • Just 48% report their infrastructure is well equipped to fight ransomware
  • Only 36% are confident in their employee security awareness training program

That means roughly half of security practitioners will be up late tonight, counting vulnerabilities instead of sheep as they look for ways to close a gap that technical controls alone are not filling. Only 36% are confident in their employee awareness training program, so the good news is there is considerable room for improvement in enterprise security education and employee preparedness.

Avoid These Common Security Awareness Training Pitfalls

While the Osterman report found most organizations offer some form of security awareness training (huzzah!), just 26% of employees receive training more than four times a year. When you consider that an estimated 6.4 billion fake emails are sent every day, it’s no surprise so few security pros are confident in their organizations’ employee awareness programs.

Beyond training frequency, Osterman points to several other reasons why employees might not be buying what your organization’s security awareness training program is selling:

  • Irrelevant training content
  • Multiple topics covered per session instead of one topic per session
  • Boring, dry training

Effective Security Awareness Training: The Missing Layer in Your Security Strategy

A layered approach to security is no longer just a best practice — it’s critical to the health of any organization. Adding a layer of awareness training to your security strategy gives employees the skills to recognize and report the malicious messages that get past your technical security controls, rather than acting on them.

Osterman recommends implementing frequent, effective awareness training to thwart attacks targeting your employees. Download their free guide for 12 awareness training best practices you can implement now to increase employee training engagement and retention.

Infosec IQ Security Awareness Training: The Right Training at the Right Time

Infosec IQ by Infosec personalizes the awareness training experience based on your employees’ roles and security aptitudes. This fully automated SaaS solution delivers training dictated by your program design, each employee’s individual training performance and the security events involving them that your endpoint protection software blocked, making it easy to implement Osterman Research’s 12 awareness training best practices in your program. The Infosec IQ training resources library also includes thousands of training modules and phishing simulations, ensuring employee awareness training is always relevant, fun and fresh.

Megan Sawle

Megan Sawle is a communications and research professional with 10 years of experience in cybersecurity, bioscience and higher education. Megan leads Infosec’s research strategy, leveraging study findings to mature its cybersecurity education offerings and build awareness of cybersecurity diversity and skill shortage challenges. Since joining the team, she’s directed research projects on a wide variety of cybersecurity topics ranging from dark web marketplaces and phishing kits to the Workforce Framework for Cybersecurity (NICE Framework) and the importance of soft skills in cybersecurity roles. Megan is a University of Wisconsin-Stout graduate, an avid equestrian and (very) amateur mycologist.