Security Awareness Training

Security Awareness Training works in conjunction with Endpoint Protection and is purchased separately. It is a hosted program designed to increase understanding and practical implementation of cybersecurity best practices. The program includes a phishing simulator, training courses, and other tools.

The Security Awareness Training modules are managed through campaigns. A campaign can be a single phishing simulation or set of training courses sent to a group of target users. Campaigns also provide reporting and management of your security awareness program.

Consider the following when designing and running campaigns:

• Everyone should participate. Include new hires and existing employees, across every department. Include all levels of employees. Service providers should train their own staff as well.

• Review the group receiving the campaign to make sure the training is relevant in terms of specific threats or risks and industry regulations and compliance.

• Do not assume any level of technical knowledge. Instead, start with basics and then get more specific.

• Provide clear participation guidelines to everyone receiving training.

• Behavioral change takes time.

• Security training should be reinforced on a regular basis.

• Consider running phishing simulations and training campaigns monthly.

• Measure, evaluate, and report routinely.

• Be aware that water cooler talk about a phishing test may skew the accuracy of the results.

• Communicate testing results to everyone and acknowledge employee participation.

• Communicate new risks regularly.