Top 3 Myths of Security Awareness Training
Security Mentor has been at this a while – teaching, educating and training companies worldwide about how to work smart and securely – and in the process, transforming employee attitudes towards security.
Across a wide range of industries and unique business needs, these organizations are achieving tangible results boosting the security of their workforce. The result: engaged employees that value security. So call us surprised when we continue to run into companies still unclear about the value of security awareness training. In fact, we think there are a few misconceptions. Among them, here are our Top 3 Myths of Security Awareness Training.
- Employees will forget what they learn. There’s definitely a concern that once companies go to the time, trouble and expense to train their staff that they’ll quickly forget what they learned. We admit to not necessarily remembering what we had for lunch yesterday, but our experience shows that if awareness training is frequent, focused and repeated, retention is the result. We think it’s key to incorporate real-world scenarios, current security content and compelling games to make training memorable and relevant.
- Training won’t change anything. Learning the material is one thing, but will it actually change employee behavior? It comes down to your objectives. If your only goal is to check the box and meet compliance requirements, then your success will be hampered no matter how/what your training methods. But if your company is serious about improving security awareness and behavior, then there needs to be a level of acknowledgement and accountability at all levels. Remember, security awareness is no different than encryption, firewalls or intrusion detection, though you can get a much greater return on your investment – reducing up to 95 percent of the human risk, according to measurements taken in phishing tests. This quote from customer Thomas Dunbar with XL Group plc says it all: “We understand that security is only as strong as the weakest link and we don’t want our colleagues to be that weakest link.”
- Employees already know what to do. This has to be the biggest myth of all. In fact, according to Verizon’s 2017 Data Breach Investigations Report, which analyzes security incidents that happened last year, again reported that humans were again the weak link that led to many of the compromises. So for all the sophisticated security setups companies produce to protect themselves and their data from hackers and other threats, the biggest threat to network security remains the people on the network. Employees know that there are bad guys online and might hesitate to click on emails or unknown links, but they are unclear and unsure as to how to protect themselves.
Long-time Security Mentor customer Dan Reynolds, VP and Chief of Security & Information Architecture at Omnicom Media Group puts it this way: “Today, your employees are the perimeter. If you are not educating your employees about security, you are not protecting your business.”
We trust in the power of Security Awareness Training and have seen how successful it can be for a wide variety of customers. If you’re interested in learning more, please reach out, we are more than happy to provide you with any and all the information you desire!
Author: Daniel Eickhoff, Director of Global Channel Sales at Security Mentor, Inc.
About Security Mentor: Even if an organization has all the technology boxes checked to maximize cyber security, the behavior of their employees still leaves them exposed and vulnerable to attacks. In fact, in the majority of security breaches, the human factor was the weakest link in the defense system.
Security Mentor is the industry-leading Security Awareness Training provider, offering the most effective security awareness training solution in the market. Our interactive and highly engaging lessons teach critical security skills in an easy-to-understand, fun format that drives real behavior change. www.securitymentor.com
This is a guest blog written by one of our technical partners. If you’re interested in writing a guest blog please contact Mackenzie at Secure Sense; firstname.lastname@example.org