Security awareness training that actually works
Human error is responsible for more than 90% of security breaches. That means if your employees aren't ready to deal with a cyberattack, your organization isn't either. And while many companies have invested heavily in security awareness training, the results are often mixed or disappointing. Most awareness training programs are boring and time-consuming – busy employees resent the time it takes to learn things they think they already know or don't care about.
Mimecast Awareness Training is different – it's something employees actually look forward to and learn from. Engaging employees for just a few minutes each month with short, highly entertaining videos, Mimecast security awareness training helps you dramatically reduce risk by minimizing the employee mistakes that cause security breaches.
Components of Mimecast's security awareness training
Created by top leadership from the US military, law enforcement and intelligence committee, The Mimecast Awareness Training platform combines a highly effective methodology with predictive analytics to address your most pressing security vulnerabilities.
Mimecast cyber awareness training is based on learning science that suggests lasting, meaningful behavioral change requires learning that is engaging, persistent and nonintrusive. It can't be boring, and it can't be a one-off exercise that takes hours out of a busy day. That's why Mimecast web and email security training uses a series of highly entertaining videos, no more than 2 – 3 minutes in length, written and produced by some of the best talent in the entertainment industry. Every few weeks, employees spend five minutes viewing a video and answering a few questions to measure progress in their security awareness.
Employees don't just "like" our security awareness training sessions, they love them. It's an entertaining break in their day that also drives home essential cybersecurity principles on a continual basis. It's also targeted – employees who need more attention based on their test results and risk scoring can receive additional training as needed.
Components of Mimecast employee security awareness training include:
- Videos - massively engaging, video-based training modules that take a best-practice, micro learning approach to security awareness training. Each video covers a security threat, what employees should do about it, what the consequences for the company and the personal impact could be if they make a mistake.
- Real-world testing – employees answer a set of questions before training to establish a baseline and then answer those same questions every six months thereafter. Employees also answer questions after each training module to assess the impact on their security awareness. You can also test your employees' awareness of best practices around phishing and spear-phishing attacks by regularly sending test phishing emails.
- Risk scoring – every employee receives a risk score based on testing and the position they hold within the company (some positions are more likely to be targeted).
- Customer mediation – based on individual employee profiles, you can direct training resources to the employees who need it most to improve outcomes and reduce risk.
Topics covered by our security awareness training
Mimecast Awareness Training provides 12 to 15 modules of new information security awareness training content per year, ensuring that and users get fresh and persistent training throughout the year with updated learning about the continuously changing threat landscape.
Our program includes security awareness training on:
- Passwords, to make sure employees use strong passwords rather than personal passwords.
- Privacy, to show how to protect personal information of employees, customers, partners and your company.
- Phishing training, to help employees recognize phishing attacks and to show what happens when they are careless about responding to phishing messages.
- PCI, to help employees ensure PCI compliance by recognizing and avoiding social engineering attacks.
- HIPAA, to help employees avoid carelessness and oversight that can lead to a catastrophic breach.
- Ransomware, to show how easy it is to succumb to an attack and how disastrous ransomware can be to companies and individuals.
- CEO/wire fraud, to show what CEO fraud and wire fraud look like and what it feels like to be the person who lost thousands of dollars for the company.
- Data in motion, to show how vulnerable data is when it's in motion, and how to protect it.
- Office hygiene, to cover best practices for securing paper, desks, screens and buildings.
- GDPR, to outline the data privacy rights that all employees must know and practice.
Security awareness training results
We know employees love our security awareness training – they tell us all the time. And by testing employee awareness before and after training modules, we also know how effective our methodology is.
More knowledge: awareness before and after training |
|||
| THE TOPIC | BEFORE | AFTER | GAIN |
| Phishing | 33.0% | 81.2% | 246% |
| BYOD | 28.1% | 86.6% | 308% |
| Social Media | 37.7% | 80.1% | 212% |
| Passwords | 12.5% | 54.6% | 437% |
| Inadvertent Disclosure | 18.6% | 78.4% | 421% |
| Insider Threat | 17.8% | 62.6% | 345% |
| Shadow IT | 26.7% | 53.9% | 202% |
| Storage Devices | 34.5% | 88.2% | 256% |
| Reporting Threats | 17.8% | 62.6% | 345% |
| Tailgating | 27.9% | 67.2% | 241% |
Security awareness training FAQs
What is security awareness training?
Security awareness training educates employees about best practices for cybersecurity. An awareness training program will typically acquaint employees with the many threats they face as they send and receive email and surf the web each day. Training programs will also provide users with best practices for avoiding attacks and protecting the organization and themselves.
Why is security awareness training important?
Research shows that more than 90% of cyberattacks involve human error. An ill-advised action on the part of an employee may open the door to an attack, no matter how strong your defenses are. Security awareness training addresses these risks by familiarizing employees with the nature of cyberattacks and ways to identify and prevent them.
What are best practices for how to develop security awareness training?
Many security awareness training programs ignore basic best practices for education, delivering training in one-off sessions that overwhelm users with information, with content delivered in boring, fear-based messaging. Mimecast Awareness Training takes the opposite approach – we deliver short doses of awareness training on a monthly basis in an entertaining format that promotes user engagement and improves user retention of critical information.