How Often Should Employees Be Trained in Cybersecurity Awareness?
Cybersecurity is an ongoing issue that needs to be managed carefully. Employees should be made aware of the dangers of undertaking work-related tasks online, and given regular opportunities for training that builds their knowledge of current threats and their overall awareness of the issue.
Threats such as email and telephone phishing have become so prevalent that they are now part of daily life, arriving as spam emails, SMS text messages and other attempts to trick users into handing over access. An organisation's online integrity and security can be compromised by a single successful attempt, and the resulting damage to the organisation and its employees can be serious and lasting.
It is for these reasons that the subject of cybersecurity needs to be taken very seriously.
So how often should employees be trained in cybersecurity awareness?
You may already provide cybersecurity training to your employees, perhaps once a year, and assume that this is enough to protect the organisation from cyber threats. Staff, however, need constant reminders of dangers that do not go away between sessions. There may also have been staff turnover, and new starters may have had little or no training in online security at all.
Employees should receive cybersecurity awareness training regularly, both to increase their knowledge and vigilance and to reinforce what they have already learned. The research described below suggests that training should be repeated approximately every four months. This frequency keeps awareness of online security threats and their dangers consistent across the organisation.
Cybersecurity Awareness Training Every Four Months – Why it is Recommended
The recommended four-month interval is based on a study presented at USENIX SOUPS (the Symposium on Usable Privacy and Security). The study examined how well users could detect and recognise phishing emails, and how that ability changed with the time elapsed since their training.
The participants in the study were tested on their ability to identify phishing emails at the following intervals after training:
- 4 months
- 6 months
- 8 months
- 10 months
- 12 months
Participants tested four months after training still recognised phishing emails well, recording the best results of the groups tested. By the six-month mark recognition had begun to decline, and it continued to fall the more time had passed since the initial training.
Regular training is therefore needed to keep employees' awareness and detection abilities as sharp as possible. Note that the study measured phishing recognition specifically; other skills may decay at different rates, but four months is a sound starting point for a refresher cycle.
Cybersecurity Threats, Training, And Why It Matters
According to a recent Sophos Threat Report, one of the largest ongoing threats to network security is the failure to implement basic good security practices.
Well-trained staff significantly reduce an organisation's exposure to cybersecurity threats and risks. Every attack that is recognised and reported rather than acted on is one less opportunity for damage.
Developing a Cybersecure Culture – How to Encourage Your Employees to Implement One
Best practice in cybersecurity comes from building a protective culture around your organisation's work practices. This is best achieved when staff understand the ongoing need to protect sensitive internal information, and a significant part of that protection is recognising and avoiding threats such as phishing scams and information theft.
A functioning cybersecure culture is best built through a mix of approaches rather than a single annual session.
The following are some ways to engage employees and keep security best practices in view:
- Mark Cybersecurity Awareness Month in October each year
- Include a security "Tip of the Week" in company memos or messaging channels
- Place cybersecurity posters around the workplace
- Promote team-based roundtable discussions about online security practices
- Send a short security education video to employees once a month
- Run a training session for all employees hosted by a security professional
- Run simulated phishing tests for all employees, and use the results to coach rather than to punish, so that staff keep reporting suspicious messages
Cybersecurity is a broad issue, and while phishing is one of the biggest dangers it is not the only one. The following related topics are worth including in future awareness training:
Phishing Threats Delivered Via Email, Social Media Or Text Message
Phishing emails remain the most prevalent delivery method, but attempts arriving via social media and text message are also increasing. Employees should be shown real-world examples of each during training so that they become familiar with the tell-tale signs, such as a sender address that does not match the display name, unexpected urgency, and links whose displayed text does not match their destination.
Credential And Password Threats and Security
According to a report released by IBM, stolen or compromised credentials are the most common initial attack vector in data breaches worldwide. Credential and password security should therefore be discussed with employees and reinforced regularly.
Passwords need to be strong and unique to each account. Password managers should be introduced to staff with their benefits highlighted, and multi-factor authentication enabled wherever it is available.
Mobile Devices and their Security
Mobile devices such as tablets and phones are now commonplace in the workplace and are often used for work-specific tasks, which makes them a point of entry for attackers. Employees need to be reminded to stay vigilant when using them.
Such devices can be further secured by requiring multi-factor authentication whenever they are used to sign in to company accounts and services.
Data, Data Storage, and its Security
Data, its storage, privacy and use have become mainstream concerns in society. Most organisations are subject to data privacy regulations and to the compliance obligations that come with them.
Employees who handle such data need proper training in its handling and the related security procedures, so that the data is safeguarded and privacy rights are not infringed.
Do You Need Help Training Your Employees in Cybersecurity?
If you need help with training your employees in cybersecurity related matters, please let us know.
We keep up to date with current online safety and security threats and with the recommended safety protocols.
We can provide your organisation with engaging training content and materials for your staff, which will help secure and enhance your organisation's online and offline security.