You’ve completed your annual phishing training and taught your employees how to spot phishing emails. You’re feeling good about it until about 5-6 months later when your company suffers a costly ransomware infection due to a click on a phishing link.
You might be wondering why you have to keep training your employees on the same information every year, yet still suffer security incidents. The problem is that you’re not training your employees often enough.
If people don’t receive reinforcement for their training, they won’t be able to change their behavior. Additionally, if several months pass by, they can easily forget what they learned.
How often should you train your team to improve their cybersecurity awareness? It turns out that the sweet spot is every four months. This is when you see more consistent results in your IT security.
Why Is Cybersecurity Awareness Training Every Four Months Recommended?
So where did this four-month recommendation come from? Recently, at the USENIX SOUPS security conference, a study was presented on users’ ability to detect phishing emails versus training frequency. The study looked at training on phishing awareness and IT security.
Employees took phishing identification tests at several different time increments.
The study found that four months after their training, employees were still able to accurately identify and avoid clicking on phishing emails. But after six months, their scores started to get worse. Scores continued to decline the more months that passed after their initial training.
Security awareness training and refreshers are essential to keeping your employees well prepared. By helping them understand cybersecurity threats and what they can do to help protect your organization, they can play a key role in your overall cybersecurity strategy.
Tips on What & How to Train Employees to Develop a Cybersecure Culture
In order to create a cybersecure culture, it is important to provide security awareness training to everyone. This will help them to be cognizant of the need to protect sensitive data, as well as avoid phishing scams and keep passwords secured.
One of the biggest threats to network security is a lack of good security practices, according to the 2021 Sophos Threat Report. Yet most organizations have not put such practices in place.
When it comes to cybersecurity, well-trained employees can make all the difference for a company. By being up-to-date on the latest threats and how to protect against them, they can help reduce the risk of a costly attack. And it doesn’t have to take a lot of time to get them up to speed. A mix of different training methods can be the most effective way to ensure that your employees are prepared to handle whatever comes their way.
Here are some examples of engaging ways to train employees on cybersecurity:
- Self-service videos that get emailed once per month
- Security “Tip of the Week” in company newsletters or messaging channels
- Training session given by an IT professional
- Simulated phishing tests
- Cybersecurity posters
Phishing might be a big topic to cover when conducting training, but it’s not the only one. Here are some other important topics to include in your awareness training.
Phishing by Email, Text & Social Media
Email phishing remains the most common form of phishing, but smishing (phishing via text message) and phishing on social media are both on the rise. Employees need to be aware of what these scams look like so they can avoid falling victim to them.
Credential & Password Security
Credential theft is a huge problem for businesses all over the world. Passwords are the key to protecting your data, so it’s critical to have strong passwords and to keep them secure. A business password manager can be a great tool to help with this.
Mobile Device Security
Mobile devices are playing an increasingly important role in the workplace. They’re handy for reading and replying to email, and most companies won’t even consider using software these days if it doesn’t have a great mobile app.
Review the security needs for employee devices that access business data and apps, such as securing the phone with a passcode and keeping it properly updated.
Need Help Keeping Your Team Trained on Cybersecurity?
Don’t spend your valuable time training your team on cybersecurity best practices – let the professionals do it for you! We can help you develop an engaging training program that will help your team adopt the behaviors needed to improve their cyber hygiene. Contact us today to learn more!