What Is Security Awareness Training?

    A comprehensive and proactive security awareness training program minimizes human risk.
    Key Points

    What you'll learn in this article

    Understand the importance of security awareness training and how Mimecast's comprehensive approach helps mitigate user risk against cyber threats:

    • Security awareness training empowers employees to recognize and mitigate cyber risks, fostering a culture of vigilance and resilience.
    • It minimizes human error, reducing breaches, and safeguarding sensitive data and assets.
    • Mimecast's security awareness training platform offers engaging content, easy administration, and personalized training tailored to organizational needs.

    What is security awareness training and why is it important?

    Security awareness training helps prevent and mitigate human risk. Designed to help users understand the role they play in combatting security breaches, effective security awareness training teaches proper cyber hygiene, security risks, and how to identify cyber attacks  delivered via email and web browsing.



    Why do your employees need security awareness training?

    Research suggests that human error is involved in more than 90% of security breaches. Security awareness training helps to minimize risk thus preventing the loss of PII, IP, money or brand reputation. An effective awareness training program addresses the cybersecurity mistakes that employees may make when using email, the web and in the physical world such as tailgating or improper document disposal.


    Why is good security awareness training important?

    Unfortunately, human error accounts for a large majority of security breaches. According to Stanford University Professor Jeff Hancock, 88% of data breach incidents are caused by employee mistakes, like using unsanctioned software or hardware, improperly disposing of documents or granting too generous application and document permissions. Security awareness training helps prevent these mistakes by equipping employees with the knowledge and practice for avoiding risky data movements and online behavior.

    Often due to lack of people resources, some companies are unable to institute good security awareness training. However, a proactive approach to security awareness training can help minimize insider risk and save in the long term by avoiding expensive losses and lawsuits.



    Use phishing tests to increase security awareness

    It’s easy to set up a phishing email test campaign on the Mimecast Awareness Training platform. In under 10 minutes, you can be ready to deploy a phish template to your users:

    • Use real-life de-weaponized attacks, or our realistic single-page and multi-page templates which cover everything from phony promotions and package tracking to fake news and password resets due to unauthorized logins.
    • Quickly customize your phish text and landing pages to reflect anticipated attempts against your employees.
    • Specify which employees will receive your phishing email tests, which templates they'll receive, and when you want to launch.


    What are best practices for approaching awareness training?

    Effective security awareness training focuses on engaging today’s workforce to reduce user risk. Many security awareness training programs ignore education best practices, delivering training in one-off sessions that overwhelm users with information or worse, are forgettable. For training to stick, it needs to be persistent, delivered regularly in small doses to fit employees’ busy schedules. Most importantly, positive reinforcement and humor performs better than fear-based or boring messaging to improve retention of critical security topics.



    Why choose security awareness training from Mimecast?

    Mimecast security awareness training is highly effective at changing employee attitudes and behavior around critical security practices. Additional benefits of include:

    • Expert content: Our highly engaging cybersecurity awareness training content is professionally produced by veterans of the television industry and developed by the insight and expertise of former law enforcement, military and CISOs.
    • Simple administration: Mimecast’s cloud-based platform, Mime|OS, makes it easy to manage policies and users for web, email security and awareness training within a single console.

    SAwT-content-illustration-1.webp

    Components of Mimecast's security awareness training

    Created by top leadership from the US military, law enforcement and intelligence committee, The Mimecast Awareness Training platform combines a highly effective methodology with predictive analytics to address your most pressing security vulnerabilities.

    That's why Mimecast web and email security training uses a series of highly entertaining videos, no more than two to three minutes in length, written and produced by some of the best talent in the entertainment industry. Every few weeks, employees spend five minutes viewing a video and answering a few questions to measure progress in their security awareness.

    Employees don't just "like" our security awareness training sessions, they love them. It's an entertaining break in their day that also drives home essential cybersecurity principles on a continual basis. It's also targeted – employees who need more attention based on their test results and risk scoring can receive additional training as needed.



    Critical security awareness training topics

    Mimecast Awareness Training regularly releases new training modules to keep content fresh for your users and reflect emerging security threats your organization faces. In addition to 12 to 15 annual training modules focused on information security topics, Mimecast releases monthly shorter trainings based on trending cyberattacks or seasonal scams and specialty topics covering new data privacy regulations.

    Topics include, but are not limited to:

    • Phishing awareness, teaching employees how to recognize and deal with potential phishing emails
    • Password security, including instruction on using strong passwords and avoiding personal passwords.
    • Privacy issues, with instructions on how to protect the sensitive data of customers, partners, other employees and the company.
    • Compliance, covering compliance for HIPAA, PCI and GDPR.
    • Insider threats, instructing employees how to recognize threats that may come from inside the organization.
    • CEO/wire fraud, showing employees how attackers may impersonate a C-level executive to defraud the company of thousands of dollars.
    • Data in motion, helping employees understand how vulnerable data in motion is and how they can protect it.
    • Office hygiene, helping employees understand the best way to protect paper, desks, screens and buildings.

    SAwT-content-illustration-2.webp

    Security awareness training results

    More Knowledge: Awareness Before and After Training
    THE TOPIC BEFORE AFTER GAIN
    Phishing 33.0% 81.2% 246%
    BYOD 28.1% 86.6% 308%
    Social Media 37.7% 80.1% 212%
    Passwords 12.5% 54.6% 437%
    Inadvertent Disclosure 18.6% 78.4% 421%
    Insider Threat 17.8% 62.6% 345%
    Shadow IT 26.7% 53.9% 202%
    Storage Devices 34.5% 88.2% 256%
    Reporting Threats 17.8% 62.6% 345%
    Tailgating 27.9% 67.2% 241%

    Security awareness training FAQs

    The time required to build an IT awareness security program depends on the technology and methodology you choose. As an online platform, Mimecast Awareness Training can be deployed and configured quickly, rolling out awareness training to a global workforce easily.
    Data shows that employees are far less likely to retain information from a cybersecurity awareness training program if the program is conducted infrequently and requires a large time investment. Some cybersecurity training programs require hours of an employee’s time often leading to employees tuning out the training and simply going through the motions to check the requirement off their to-do list. Mimecast Awareness Training is different. Our engaging, seriously funny three- to five-minute modules are delivered monthly to make training a regular part of an employee’s responsibilities without overwhelming them.
    Cybersecurity awareness is a journey. By regularly providing cybersecurity awareness training to employees in a fun and educating way, you can make cybersecurity everyone's role.
    The cost of an effective security awareness training program will vary depending on the size of your organization. Both small to mid-sized businesses and global enterprise organizations can implement Mimecast Awareness Training for a fraction of what a successful cyber breach costs a company in revenue losses. For added layers of security and additional cost savings, Mimecast Awareness Training can be bundled into a number of comprehensive cybersecurity plans.
    GDPR awareness training is specifically design to help employees understand the risks, rules, safeguards and rights in relation to European Union General Data Protection Regulation (GDPR) compliance.
    Fraud awareness training acquaints employees with the many techniques used by malicious individuals to defraud organizations of money and data. Once they have completed awareness training, employees are ideally more likely to spot, avoid and/or report fraudulent activity.

    Erkennen und beseitigen Sie Bedrohungen mit erweiterter Sicherheit von Mimecast

    Starten Sie noch heute Ihren kostenlosen 30-Tage-Scan und entdecken Sie alle Bedrohungen, die Microsoft übersehen hat. In wenigen Minuten implementiert, ohne Ihren E-Mail-Flow zu unterbrechen.

    Zurück zum Anfang