{"id":24045,"date":"2018-02-28T09:58:42","date_gmt":"2018-02-28T16:58:42","guid":{"rendered":"http:\/\/blogdev.services.webroot\/?p=24045"},"modified":"2024-05-15T14:02:48","modified_gmt":"2024-05-15T20:02:48","slug":"security-awareness-training-get-started","status":"publish","type":"post","link":"https://www.webroot.com/blog/2018\/02\/28\/security-awareness-training-get-started\/","title":{"rendered":"Security Awareness Training: How to Get Started"},"content":{"rendered":"\n

In the past, security awareness training<\/a> for user education\u2014i.e. empowering users to make more savvy IT decisions in their daily routines\u2014was considered a \u201cnice to have,\u201d not a necessity. The decision to adopt user education was typically passed over because of budget, lack of in-house expertise, and the general lack of availability of high-quality, low-cost, computer-based training. In particular, small- to medium-sized businesses (SMBs) have suffered from these types of constraints, compared to larger, more resource rich organizations.<\/p>\n\n\n\n

Today, it\u2019s clear that end user education isn\u2019t just \u201cnice to have,\u201d and SMBs know it. As recently as August of 2017, a Better Business Bureau study on the State of Cybersecurity revealed that almost half of SMBs with 50 employees and under regard security awareness training among their top 3 security expenditures, alongside firewalls and endpoint protection.<\/span><\/a><\/p>\n\n\n\n

The increase in interest and budget allocation for end user education is understandable. On average, SMBs face $80,000 in annual losses following a ransomware or data loss breach. Users are on the front lines of your business, and even the most advanced security can\u2019t stop them from willingly, if unwittingly, handing over sensitive access credentials. If you\u2019re not educating your users, then you are putting your organization at an unnecessary and costly risk.<\/p>\n\n\n\n

Getting your end user education program started<\/h1>\n\n\n\n

Introduce to Stakeholders<\/h2>\n\n\n\n

Like any new program, building a foundation for success begins when you engage your stakeholders and management teams. Send an email explaining the value of security awareness to management, share details and reports around your first phishing and training campaigns, and loop in IT. Not sure how to craft that first email? Check out Webroot\u2019s Security Awareness Training<\/a> for help and templates to get you started.<\/p>\n\n\n\n

Start out with a Phishing Campaign<\/h2>\n\n\n\n

Consider starting your security awareness program with a simulated phishing campaign. The results of the simulation can also be used to demonstrate value to any more skeptical or reluctant IT decision-makers. Use the first phishing campaign as your baseline to gauge the level of awareness your end users already have. Webroot Security Awareness Training comes with a variety of template options to help you get started. We recommend using a template that mimics an internal communication from HR or the IT department to get the most eyes on the email. For early campaigns, it\u2019s also a good idea to use Webroot\u2019s \u201c404 Page Note Found\u201d template so users who fall for the phishing lure are unaware. This will help keep water cooler talk at a minimum, giving you a more accurate baseline. After that, be sure to link your phishing campaigns to training pages and courses to maximize the training opportunity.<\/p>\n\n\n\n

Share results with End Users<\/h2>\n\n\n\n

Use feedback to inspire smarter habits. A key objective for security awareness training is to engage end users and raise the level of cyber awareness throughout the organization.<\/span><\/a> For instance, sharing results of a simulated phishing campaign can help employees understand the impact of poor online habits and motivate them to practice better behaviors.<\/p>\n\n\n\n

Webroot Security Awareness Training lets admins see who clicked what in a phishing simulation. Bear in mind: the point of sharing results is not to shame the unwitting marks who fell for the scam. Instead, try capitalizing on everyone\u2019s engagement by sharing an overall statistical report, so users can recognize whether they clicked or avoided the phishing lure, without fear of embarrassment. More importantly, such a report would show the statistics around the organization as a whole, opening the door for further training programs to fill security gaps and provide a continuous learning experience.<\/p>\n\n\n\n

Continuous Training: Set up your phishing and training program<\/h2>\n\n\n\n

Once end users are engaged and understand the value, the next step is setting up a training program. There is no one-size-fits-all program, but we recommend running at least one to two phishing campaigns per month and a minimum of one to two training courses per quarter. Depending on the needs of each organization, you may want to increase the frequency and adjust intervals throughout the year. Webroot Security Awareness Training includes numerous pre-built phishing templates you can use, including real-world phishing scenarios (defanged from the wild.) It also offers professionally developed and engaging topical training courses, which you can be proud to share with your company. Courses range from cybersecurity best practices and 5-minute micro-learning courses to in-depth compliance courses on PCI, HIPAA, GDPR, SEC\/FINRA, and more.<\/p>\n\n\n\n

When you start seeing the significant impact that relevant, high-quality, and proven security awareness education has on your employees, you\u2019ll wonder how your business ever managed without it.<\/p>\n","protected":false},"excerpt":{"rendered":"

In the past, security awareness training for user education\u2014i.e. empowering users to make more savvy IT decisions in their daily routines\u2014was considered a \u201cnice to have,\u201d not a necessity. The decision to adopt user education was typically passed over because of budget, lack of in-house expertise, and the general lack of availability of high-quality, low-cost, […]<\/p>\n","protected":false},"author":115,"featured_media":24046,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[6585,21904,21906,21902,10719,3539,21947,6779,21949,3479,6579,21749,21948,21905,8297,19619,3529,21946,21903,21901],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/24045"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/115"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=24045"}],"version-history":[{"count":5,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/24045\/revisions"}],"predecessor-version":[{"id":32995,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/24045\/revisions\/32995"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/24046"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=24045"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=24045"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=24045"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=24045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}