How to Build Successful Security Awareness Training Programs in 2021 and Beyond
Webroot Blog, Tue, 22 Dec 2020 13:00:00 +0000
https://www.webroot.com/blog/2020/12/22/how-to-build-successful-security-awareness-training-programs-in-2021-and-beyond/
Security awareness training is one of the most straightforward ways to improve a business’ overall resilience against cyberattacks. That is, when you get it just right.
Thanks to the disruptions to “normal” work routines that COVID-19 has brought, launching a company-wide training program to teach end users how to avoid phishing scams and online risks is a big challenge. Unfortunately, COVID-19 has also brought a major acceleration in phishing activity. With so many office employees working outside the safety of corporate network protections, you can see why the need for training has never been more critical.
But there’s another issue: training is outside the skill set of most IT admins, and the level of effort to set up and run a program of training courses, compliance accreditations and phishing simulations can be daunting.
To help you get started, here are our top 5 recommendations for starting your security awareness program so you can maximize the impact of your efforts.
Get buy-in from stakeholders.
While you probably already have some combination of security tools in place, such as endpoint protection, DNS or web filtering, etc., the 2020 Verizon Data Breach Investigations Report states that phishing and social engineering are still the primary tactics used in successful cybersecurity breaches.
Make sure your stakeholders understand these threats. Send an email introducing the program to management and clearly explain the importance of educating users and measuring and mitigating your risk of exposure to phishing and other social engineering attacks.
Start with a baseline phishing campaign.
When you run your first phishing campaign, you establish your starting point for measuring and demonstrating improvement over time. (You can also use this real-world data to accurately show the need for improvement to any still-skeptical stakeholders.) Ideally this initial campaign should be sent to all users without any type of forewarning or formal announcement, including members of leadership teams. Make sure to use an option that simply shows a broken link to users who click through, instead of alerting them to the campaign, so you can prevent word-of-mouth between employees from skewing the results.
Set up essential security and compliance training.
Create training campaigns to cover essential cybersecurity topics including