Security Awareness Training

It’s time to re-envision security awareness

Your security starts and ends with people. But human risk is still an unsolved problem for security teams of all sizes, with 68% of breaches involving a human element. Transform the way you address human risk with Mimecast Engage, a revolutionized security awareness solution powered by Mimecast’s Human Risk Management Platform. Mimecast Engage leverages risk signals and behavioral insights to deliver the right intervention and training to each employee, at the right time.

Human risk is real risk

Human risk is cybersecurity’s biggest gap, with 8% of employees causing 80% of incidents.

Traditional solutions just don’t work

Simulation metrics alone can’t measure real risk. One-size-fits-all training programs struggle to produce results.

Security teams are stretched thin

Conflicting priorities and a barrage of security alerts push human risk to the bottom of the to-do list.

Reduce human risk at its source

Identify your
riskiest employees

Gain unprecedented visibility, based on real
security data and threat analysis.

Spark real change
in behavior

Tailor training and intervention to each
employee’s actual behaviors.

Reset your
team’s focus

Deliver real security outcomes from a
platform built for simplicity and scale.

Unprecedented risk visibility

Analysis of employee email behavior, inbound attack data, and training and simulation metrics centralizes human risk signals in a single, actionable view.

Personalized engagement and training

Behavioral insights create training experiences unique to each employee, featuring Mimecast’s best-in-class video-based content.

Rapid deployment in minutes

A guided first-time setup experience accelerates your rollout and fine-tunes your program for results.

Effortless user experience

Powerful automation and an easy-to-use design reduce your workload and simplify administration.

Human Risk-Centric Security Awareness & Training Resources

Security Awareness Training Resource

Mimecast Engage

Datasheet

Email Security Resource

Forrester Report: The Human Risk Management Solutions Landscape, Q1 2024

Analyst Report

Email Security Resource

The Human Risk Factor

Infographic

What is security awareness?

Security awareness training refers to employee understanding of cyber hygiene, identifying the many ways attackers try to breach critical business systems or personal accounts, and how users play a critical role in stopping attacks to protect their organization.

Why do we need security awareness training?

Research suggests that human error is involved in more than 90% of security breaches. Security awareness training mitigates user risk by educating employees about the potential mistakes and proper procedure they need to follow when utilizing email and the web. It promotes more secure behaviors to protect personal and organizational data.

What are best practices for how to develop security awareness training?

Effective security awareness training focuses on engaging today’s workforce to reduce user risk. Many security awareness training programs ignore education best practices, delivering training in one-off sessions that overwhelm users with information or worse, are forgettable. For training to stick, it needs to be persistent, delivered regularly in small doses, to fit employees’ busy schedules. Most importantly, positive reinforcement and humor performs better than fear-based or boring messaging to improve retention of critical security topics.

How long should a security awareness training program be?

The length of security awareness training programs varies widely. Mimecast's approach is to provide short training sessions on a monthly basis, delivering ongoing education that keeps security best practices fresh on employees' minds.

What awareness topics should an effective security awareness training program include?

Mimecast Awareness Training provides 12 to 15 modules of new information security awareness training content per year, ensuring that and users get fresh and persistent training throughout the year with updated learning about the continuously changing threat landscape.

Our program includes security awareness training on:

Passwords, to make sure employees use strong passwords rather than personal passwords.
Privacy, to show how to protect personal information of employees, customers, partners and your company.
Phishing training, to help employees recognize phishing attacks and to show what happens when they are careless about responding to phishing messages.
PCI, to help employees ensure PCI compliance by recognizing and avoiding social engineering attacks.
HIPAA, to help employees avoid carelessness and oversight that can lead to a catastrophic breach.
Ransomware, to show how easy it is to succumb to an attack and how disastrous ransomware can be to companies and individuals.
CEO/wire fraud, to show what CEO fraud and wire fraud look like and what it feels like to be the person who lost thousands of dollars for the company.
Data in motion, to show how vulnerable data is when it's in motion, and how to protect it.
Office hygiene, to cover best practices for securing paper, desks, screens and buildings.
GDPR, to outline the data privacy rights that all employees must know and practice.

Human Risk-Centric Security Awareness & Training