Why are security awareness trainings important? We now know that you shouldn’t click on any funny links.
Palo Stacho: The overwhelming majority of successful hacks still start with careless employees. It’s possible that many people are now suspicious of “funny links.” But there are dangerous links that look very legitimate at first glance (URL spoofing) and we should not forget that there are still browsers that do not display the web address at all. On top of that, it is very one-sided to focus training efforts only on dubious links. Dangers can also come from file attachments in emails, from SMS, USB sticks and other social engineering techniques.
What is the key to success in awareness training?
First of all, we should consider what “learning success” means in this context: maximum learning success, after all, means that personnel adopt safe behavior on the Internet! Something like this goes far beyond a training measure; it is an innovation project. For us, it has been proven that success can only be achieved by running a continuous awareness program that has a positive character, encourages individual commitment and includes measurable targets. Phishing tests conducted as part of the program shall be realistic. The learning modules must be varied and entertaining, and it is imperative that they are personalized, meaning that the training is embedded in the context of the employee and the company.
How do you ensure that what is learned is not forgotten?
By training and testing on an ongoing basis. And you measure the awareness – the sensitization rate. In addition to the training rate, the most suitable indicator is the reporting rate. This refers to the percentage of phishing simulation e-mails reported by employees using the phishing report button. In our experience, the frequently mentioned “click rate” has extremely limited significance.
What must resellers themselves be able to do/know in order to offer such training successfully?
Standardized one-size-fits-all phishing tests or awareness trainings achieve little sustainability. Of course, this should be part of the basic offering. However, resellers should use solutions that enable individualization and customizability of the training.
To what extent does offering awareness training lead to further business for resellers?
The need for training in the economy and the population is enormous! Cybersecurity Awareness is everyone’s business, and that’s all that needs to be said.
Palo Stacho