Security Awareness Training

Security awareness training that actually works

Human error is responsible for more than 90% of security breaches. That means if your employees aren't ready to deal with a cyberattack, your organization isn't either. And while many companies have invested heavily in security awareness training, the results are often mixed or disappointing. Most awareness training programs are boring and time-consuming – busy employees resent the time it takes to learn things they think they already know or don't care about.

Mimecast Awareness Training is different – it's something employees actually look forward to and learn from. Engaging employees for just a few minutes each month with short, highly entertaining videos, Mimecast security awareness training helps you dramatically reduce risk by minimizing the employee mistakes that cause security breaches.

Components of Mimecast's security awareness training

Created by top leadership from the US military, law enforcement and intelligence committee, the Mimecast Awareness Training platform combines a highly effective methodology with predictive analytics to address your most pressing security vulnerabilities.

Mimecast cyber awareness training is based on learning science that suggests lasting, meaningful behavioral change requires learning that is engaging, persistent and nonintrusive. It can't be boring, and it can't be a one-off exercise that takes hours out of a busy day. That's why Mimecast web and email security training uses a series of highly entertaining videos, no more than 2 – 3 minutes in length, written and produced by some of the best talent in the entertainment industry. Every few weeks, employees spend five minutes viewing a video and answering a few questions to measure progress in their security awareness.

Employees don't just "like" our security awareness training sessions, they love them. It's an entertaining break in their day that also drives home essential cybersecurity principles on a continual basis. It's also targeted – employees who need more attention based on their test results and risk scoring can receive additional training as needed.

Components of Mimecast employee security awareness training include:

• Videos - Massively engaging, video-based training modules that take a best-practice, micro learning approach to security awareness training. Each video covers a security threat, what employees should do about it, what the consequences for the company and the personal impact could be if they make a mistake.
• Real-world testing – Real-world testing – Employees begin by answering a baseline set of security awareness questions, then revisit the same questions every six months to measure progress. Post-training quizzes follow each module to assess immediate impact. To test awareness in action, Mimecast’s phishing simulation tools let you send regular simulated phishing and spear-phishing emails in under 10 minutes – including fake promotions, package tracking, or password reset emails. You control the timing and content, and results can be paired with training module data to refine individual employee risk profiles.
• Risk scoring – Every employee receives a human risk score (0-100) based on testing and the position they hold within the company (some positions are more likely to be targeted). Mimecast risk scoring ultimately provides a watchlist that lets you know which employees and departments are struggling with or disengaged from training—or who exhibit risky behaviors that could compromise cyber security.
• Customer mediation – Based on the individual employee risk scores and profiles, you can direct training resources to the employees who need it most to improve outcomes and reduce risk.

Topics covered by our security awareness training

Mimecast Awareness Training provides 12 to 15 modules of new information security awareness training content per year, ensuring that users get fresh and persistent training throughout the year with updated learning about the continuously changing threat landscape.

Our program includes security awareness training on:

• Passwords, to make sure employees use strong passwords rather than personal passwords.
• Privacy, to show how to protect personal information of employees, customers, partners and your company.
• Phishing training, to help employees recognize phishing attacks and to show what happens when they are careless about responding to phishing messages.
• PCI, to help employees ensure PCI compliance by recognizing and avoiding social engineering attacks.
• HIPAA, to help employees avoid carelessness and oversight that can lead to a catastrophic breach.
• Ransomware, to show how easy it is to succumb to an attack and how disastrous ransomware can be to companies and individuals.
• CEO/wire fraud, to show what CEO fraud and wire fraud look like and what it feels like to be the person who lost thousands of dollars for the company.
• Data in motion, to show how vulnerable data is when it's in motion, and how to protect it.
• Office hygiene, to cover best practices for securing paper, desks, screens and buildings.
• GDPR, to outline the data privacy rights that all employees must know and practice.

Security awareness training results

We know employees love our security awareness training – they tell us all the time. And by testing employee awareness before and after training modules, we also know how effective our methodology is.

Empower your team with Mimecast Security Awareness Training

Cyber threats are constantly evolving, and your employees are your first line of defense. Mimecast’s Security Awareness Training makes it easy to build a security-first culture, reduce risky behaviors, and keep your organization safe. Explore our training today and turn your people into your strongest security asset.