Security Awareness Training
Security Awareness Training is purchased separately and works with Endpoint Protection. It is a hosted solution designed to minimize cybersecurity risks caused by human factors and help you implement a practical security awareness training program in your organization. This solution includes a phishing simulator, security training courses, and other tools such as Autopilot and training remediation features.
Training is organized and delivered to target users through campaigns, which may include phishing simulations, training courses, or both. Campaigns also provide reporting and management of your security awareness program.
The Autopilot feature enables you to target users with monthly pre-scheduled training and phishing campaigns to remind users to stay vigilant and keep security in mind. For more information on Autopilot, see Enabling Autopilot. For users who fail phishing simulation campaigns, Training Remediation campaigns will automatically enroll them into training to address the issue.
Best Practices
Consider the following when designing and running campaigns:
- Security training is more effective when it is continuous, unobtrusive, and relevant to users.
- Consider running phishing simulations and training campaigns monthly to encourage employees to stay vigilant.
- Tailor campaigns to specific roles, risks, and compliance requirements to keep them relevant to users.
- Most training courses require only 5 minutes to complete. This makes them easier to complete during busy workdays, leading to better compliance results.
- Participation guidelines should be clear, and everyone should receive training. Include new hires and existing employees at all levels and across every department.
- Do not assume any level of technical knowledge. Start with essential training on topics like phishing, social engineering, and password best practices, before training on more specific or complicated topics.
- Communicate new security risks as they arise.
- Share aggregated testing results with users and acknowledge employee participation to raise awareness and encourage engagement.
- Measure and report routinely to evaluate the success of your campaigns. Remember that behavioural change takes time.
- Be aware that casual discussion between users about a phishing test may skew the accuracy of the results.