Is Your Staff Getting Regular Security Awareness Training?
Studies show that the most successful cybersecurity breaches continue to be the result of human error. From clicking on malicious links and attachments to misconfigured systems and easy-to-guess passwords, the human factor remains a vulnerability that organizations need to address. As technology changes, so do the tactics of those with malicious intent, making it imperative for organizations to invest in regular security awareness training for their employees.
Why Regular Training Matters
The best way to turn your biggest cybersecurity risk into your greatest asset against a breach is through regular security awareness training. Unfortunately, too many companies are not devoting enough time to training. The average time an employee spends per year on security awareness training currently is about 49 minutes. Studies suggest that frequent, shorter sessions are more effective than the traditional once-a-year approach. A study by USENIX found that employees could identify phishing emails effectively up to four months after training, but their ability to recall and apply this knowledge diminished after six months. This indicates that training should occur at least every 4-6 months to maintain vigilance against phishing attacks.
However, cybersecurity awareness is about more than just phishing emails. It includes password hygiene, removable media, malware, remote working, and physical security. Given the complexity and range of topics, monthly security awareness training has emerged as a best practice for many organizations. This frequency not only keeps employees informed about new threats but also reinforces and refreshes their knowledge regularly.
Statistics Backing the Need for Regular Training
The global auditing firm Accenture’s research suggests that the ideal number of training courses per year is 11, which translates to roughly once per month. This cadence aligns with the USENIX findings on knowledge retention. Human error is still the leading cause of data breaches, with 85% of breaches involving a ‘human element.’ Regular training helps mitigate this risk by keeping security top-of-mind for employees, showing them what to look for and how to spot phishing attempts.
Making Training Effective
For security awareness training to be effective, it must be engaging and relevant. Monthly sessions that take between 5 and 15 minutes to complete are practical and well-received by employees. These sessions can cover a range of topics, giving employees concrete things to look for and strategies to use so they do not become a victim.
How Can Summit Help?
The average time devoted to security awareness training needs to shift from once-a-year marathons toward more frequent and shorter sessions. Monthly training is becoming the norm, providing a balance between keeping employees informed and not overwhelming them or taking too much of their workday. As cyber threats change, so must our approach to security training, ensuring that all employees are equipped to be the first line of defense.
Our Bullphish Security Awareness Training program provides world-class training modules on a regular basis, as well as daily simulated phishing attacks to ensure the information and skills presented are being retained by your employees. Our platform also provides regular reporting to allow you to review how your employees are doing, who has completed the training, and who is continuing to fall for the simulated phishing attempts. If you would like to learn more about our Security Awareness Training program or any of our cybersecurity solutions, click on the link below to schedule a quick phone call with our team.