A quick Google search will show that there are numerous companies offering Security Awareness Training services. With so many options, it can be difficult to find the right service for your organisation.
To help guide you through the selection process, here are nine key questions:
- Does the testing phase draw on publicly available information about your organisation and its people (open-source intelligence) to launch realistic, targeted test attacks?
- Is the training service delivered by IT security experts and fully managed over at least a 12-month period?
- Do employees who fail a test (those who click a simulated phishing link, for example) receive additional, relevant remedial training?
- Does the training content cover the full range of attack types, from email phishing to web, mobile and physical (in-person) attacks, and include best-practice recommendations?
- Are employees tested on a regular but random basis with targeted, bespoke attacks, to ensure they apply the training day to day and stay vigilant against cyber crime?
- Are all employees baseline tested with a realistic, bespoke and targeted simulated phishing email before training begins? (This initial 'at risk' click rate gives you a measurable starting point and helps employees take the training seriously.)
- Is the training content relevant to the geographic area, i.e. UK content for UK trainees?
- How often is the content refreshed? Can individual training modules be selected?
- Are employees given easy-to-recall tools and techniques to identify cyber attacks quickly, together with clear guidance on what to do when they spot one?
IT security training needs to provide tools and techniques that are easy to remember and easy to use, combined with ongoing reminders and reinforcement. Only then will the behaviour of vulnerable employees change, and only then will your organisation's exposure to employee cyber security mistakes be reduced.