How Often Do You Need to Train Employees on Cybersecurity Awareness?

Your yearly cyber awareness training, which trains staff members to recognise phishing emails, is complete. You're feeling good about it until roughly 5–6 months later when a click on a phishing link results in an expensive ransomware infestation at your practice. As a business, you may wonder why you always appear to need to retrain on the same material and yet still experience security incidents.

The issue? You don't train staff frequently enough!


If you don't reinforce training, people won't change their behaviour. After a while, they are likely to forget what they have learnt.

How frequently is sufficient to raise your team's level of cyber awareness? It turns out that four months between training sessions is the "sweet spot" and produces more reliable outcomes for your IT security.

Why Is Cybersecurity Awareness Training Every Four Months Recommended?

So, where does the four-month recommendation come from? At the most recent USENIX SOUPS security conference, a study was presented that compared users' ability to recognise phishing emails against the frequency of their training. It also examined the relationship between phishing awareness training and IT security. Employees completed phishing identification tests at the following intervals after training:

  • 4 months

  • 6 months

  • 8 months

  • 10 months

  • 12 months

The study found that scores were still good four months after training: employees could still recognise phishing emails and avoid clicking on them. However, scores began to decline at the six-month mark, and the more time that passed after the initial instruction, the lower the scores were.

Employees require security awareness training and updates to stay informed and prepared, which will help them support your cybersecurity plan.

Tips on What & How to Train Employees to Develop a Cybersecure Culture

Creating a secure cyber culture, where everyone understands the need to protect sensitive data, avoid phishing scams, and use secure passwords, is the gold standard for security awareness training.

However, many organisations never reach this point. A lack of proper security practices is one of the main challenges to network security. The Sophos 2021 Threat Report states:

"A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we've investigated."

Adequately trained staff significantly reduce a company's risk by making it less likely that the business falls victim to various online attacks. Being well-trained does not require spending an entire day on cybersecurity training; instead, vary the delivery techniques.

Here are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan:

  • Self-service videos that get emailed once per month

  • Team-based roundtable discussions

  • Security "Tip of the Week" in company newsletters or messaging channels

  • Training session given by an IT professional 

  • Simulated phishing tests

  • Cybersecurity posters

  • Celebrate Cybersecurity Awareness Month in October 

Phishing is a critical topic to discuss when training, but it's not the only one. You should include the following crucial issues in your mix of awareness training:

Phishing via text, email, and social media

Email phishing is still the most common type. However, SMS phishing (also known as "smishing") and phishing on social media are growing. Employers need to be familiar with these types so they can prevent employees from falling for these scams.

Credential & Password Security

The majority of corporate processes and data now live on cloud-based systems. Unfortunately, because compromising SaaS cloud accounts is the simplest route for attackers, this has resulted in a sharp rise in credential theft.

Credential theft is currently the leading global cause of data breaches, making it an important subject to raise with your employees. Discuss the importance of using strong passwords and keeping them secure, and help staff learn additional tools, such as a business password manager.

Device Security on Mobiles

A typical office today completes a large percentage of its work on mobile devices, which make it easy to check and respond to email from any location. Most firms won't even consider adopting software these days if it doesn't have a good mobile app.

Check the security requirements for employee devices that access company apps and data; at a minimum, keep the phone updated and protect it with a passcode.

Data Security

Data privacy regulation is another area that has grown over time. As a result, most businesses must now comply with several data privacy laws.

Train staff members on correct data management and security measures to lower the chance of being a victim of a data leak or breach that could result in a pricey compliance penalty.

Need Assistance Keeping Your Team Cybersecurity-Trained? We can support you with plans and schedules to hit that training sweet spot, one that enables your team to change its behaviour and strengthen its cyber security best practice. Get in touch to learn more.

This article is used with permission from The Technology Press.
