IT Support Indianapolis 317-497-5500
IT Support Raleigh 919-890-8088
IT Support Atlanta 678-263-4770
IT Support Fairfax 703-344-7760
Request a Quote
SEP 6
How Often Do You Need to Train Employees on Cybersecurity Awareness?

How Often Do You Need to Train Employees on Cybersecurity Awareness?

September 6, 2022
You’ve completed your annual phishing training. This includes teaching employees how to spot phishing emails. You’re feeling good about it. That is until about 5-6 months later. Your company suffers a costly ransomware infection due to a click on a phishing link.rnrnYou wonder why you seem to need to train on the same information every year. But you still suffer from security incidents. The problem is that you’re not training your employees often enough.rnrnPeople can’t change behaviors if training isn’t reinforced. They can also easily forget what they’ve learned after several months go by.rnrnSo, how often is often enough to improve your team’s cybersecurity awareness? It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security.rn

Why Is Cybersecurity Awareness Training Each 4-Months Recommended?

rnSo, where does this four-month recommendation come from? There was a study presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus training frequency. It looked at training on phishing awareness and IT security.rnrnEmployees took phishing identification tests at several different time increments:rn
    rn
  • 4-months
    • rn
  • 6-months
    • rn
  • 8-months
    • rn
  • 10-months
    • rn
  • 12-months
    • rn
rnThe study found that four months after their training scores were good. Employees were still able to accurately identify and avoid clicking on phishing emails. But after 6-months, their scores started to get worse. Scores continued to decline the more months that passed after their initial training.rnrnTo keep employees well prepared, they need training and refreshers on security awareness. This will help them to act as a positive agent in your cybersecurity strategy.rnrn rn

Tips on What & How to Train Employees to Develop a Cybersecure Culture

rnThe gold standard for security awareness training is to develop a cybersecure culture. This is one where everyone is cognizant of the need to protect sensitive data. As well as avoid phishing scams, and keep passwords secured.rnrnThis is not the case in most organizations, According to the 2021 Sophos Threat Report. One of the biggest threats to network security is a lack of good security practices.rnrnThe report states the following,rnrn“A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we've investigated.”rnrnWell-trained employees significantly reduce a company’s risk. They reduce the chance of falling victim to any number of different online attacks. To be well-trained doesn’t mean you have to conduct a long day of cybersecurity training. It’s better to mix up the delivery methods.rnrnHere are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan:rn
    rn
  • Self-service videos that get emailed once per month
    • rn
  • Team-based roundtable discussions
    • rn
  • Security “Tip of the Week” in company newsletters or messaging channels
    • rn
  • Training session given by an IT professional
    • rn
  • Simulated phishing tests
    • rn
  • Cybersecurity posters
    • rn
  • Celebrate Cybersecurity Awareness Month in October
    • rn
rnWhen conducting training, phishing is a big topic to cover, but it’s not the only one. Here are some important topics that you want to include in your mix of awareness training.rn

Phishing by Email, Text & Social Media

rnEmail phishing is still the most prevalent form. But SMS phishing (“smishing”) and phishing over social media are both growing. Employees must know what these look like, so they can avoid falling for these sinister scams.rn

Credential & Password Security

rnMany businesses have moved most of their data and processes to cloud-based platforms. This has led to a steep increase in credential theft because it’s the easiest way to breach SaaS cloud tools.rnrnCredential theft is now the #1 cause of data breaches globally. This makes it a topic that is critical to address with your team. Discuss the need to keep passwords secure and the use of strong passwords. Also, help them learn tools like a business password manager.rn

Mobile Device Security

rnMobile devices are now used for a large part of the workload in a typical office. They’re handy for reading and replying to an email from anywhere. Most companies will not even consider using software these days if it doesn’t have a great mobile app.rnrnReview security needs for employee devices that access business data and apps. Such as securing the phone with a passcode and keeping it properly updated.rn

Data Security

rnData privacy regulations are something else that has been rising over the years. Most companies have more than one data privacy regulation requiring compliance.rnrnTrain employees on proper data handling and security procedures. This reduces the risk you'll fall victim to a data leak or breach that can end up in a costly compliance penalty.rn

Need Help Keeping Your Team Trained on Cybersecurity?

rnTake training off your plate and train your team with cybersecurity professionals. We can help you with an engaging training program. One that helps your team change their behaviors to improve cyber hygiene. Give us a call!rnrnArticle used with permission from The Technology Press.