Can you remember the last time you had or administered any cybersecurity awareness training? Was it when you were first hired? A year after that? Whatever the case may be, chances are good that it’s been a while.
With how often the world of cybersecurity changes, it’s important for employees to stay updated with current best practices. If you want your employees to retain the cybersecurity tips that will help stop cyber attacks, regular refreshing is needed.
But exactly how often should you do cybersecurity awareness training?
How long can employees retain the information they’re taught in training? How often should you train so the effects don’t wear off?
Experts tend to agree that training should occur about two to three times per year — or about every four to six months. A 2020 study conducted by USENIX found that six months after training, employees had a harder time spotting phishing emails.
The key is to find the right cadence for your own employees. Use the four- to six-month timeframe as a starting point and test your employees regularly to see how well they recall their training. You might need to train more often at first, but as your users perform better in testing, you can go longer between training sessions.
The Mimecast State of Email Security 2022 Report, which surveyed 1,400 IT professionals representing companies across the globe, highlights some key reasons security training should be a priority:
Despite all this, the same report found that only 23% of organizations provide awareness training on a regular basis
Think the costs and time spent on security training isn’t worth it at the end of the day? That couldn’t be further from the truth.
According to the same study, the average cost of a data breach is $4.24 million, which is up from $3.86 million the previous year. That’s a serious expense that could have devastating consequences for any business.
Great security training is a combination of the right information delivered in the right formats.
First, your training program needs to educate employees on a wide variety of potential cyber threats. Security training needs to cover not just phishing attempts, but all other aspects of cybersecurity as well. It should discuss topics such as:
Second, you need to share this information in ways your employees will enjoy and engage with. Instead of a PowerPoint lecture, consider videos and interactive training. Mix in some humor and entertainment value for good measure. Don’t let cybersecurity awareness training become something employees dread..
If you’re ready to kick your employee training into gear, we can help you evaluate, select, and deploy the right training program for your organization. But first, you’ll need to take a closer look at your current state of cybersecurity.
Is your team trained on what to look out for in the event of a cyberattack? You don’t have to wait until you experience a threat to find out!
We offer a free cybersecurity risk assessment tool that asks key questions about important topics, such as security awareness, software, defenses against malware infection and more. Click the link below to take the quick and convenient assessment, and we’ll be in touch with possible next steps on how you can ensure you’re as airtight on your cybersecurity as possible.
