How To: Make Your Security Awareness Program A Success
Your Users are critical to securing your organization. Let's see how to make that happen!
You already know the statistics - 91 out of 100 attacks is the result of human error.
So let's just train up those users!
But alas, behavior change is hard.
So your Security Awareness Training program becomes even more important. (yes, how convenient for me...)
What does it take to make your Security Awareness program a success?
Let's take a look at the lifecycle of Manual vs Automated Programs:
Month 1 (Manual):
Onboard Users - get all your team enrolled, everyone who needs that Training. Every. Single. One.
Whitelist Senders - to ensure all the Training reminders and Phishing tests land in inboxes, not in spam!
Choose Courses - this can be very tricky. You'll need to sift through dozens, hundreds or thousands of courses to figure out which ones are right for your organization.
Choose Cadence - determine how often you want your team Trained. We recommend at least quarterly.
Send Initial Training Reminders - it's time to fire off that first course to your team!
Build Phishing Templates for Month 1 - get ready for this: your team needs varied Phishing templates every month, at least 2 fresh Phish per 20 employees, every month
Phish your team - and here's the fun part, sending out those Phishing emails to the team!
Ok, as long as that didn't take the entire month, you're on your way! Now let's take a look at Month 2.
Month 2 (Manual):
Re-send Reminders to Training "Laggards" - sadly, not all of your users will take Training right away. So here's the first time you have to track and follow up with every single one of them.
Find Phishing Clickers - go through your team's Phishing test results to locate your Phishing clickers, i.e. those putting you at risk!
Assign Remedial Training - ensure that your risky employees (i.e. those Phishing clickers) are getting additional opportunities to learn
Build Phishing Templates - remember that we have to keep our Phishing content fresh to avoid your team getting used to the templates, making testing irrelevant. So get to building!
Phish your team - and back to the fun part, fire off those fresh Phish
It's starting to get to be a lot, but it's only Month 2. It gets easier, right?
Month 3 (Manual):
Re-send Reminders to Training "Laggards" - again?! Yes, again. And again. Find 'em, remind 'em.
Find Phishing Clickers - hold on... people are STILL clicking?! Yep! And it ain't over yet.
Check Spam Folders - sadly, even with solid whitelisting, you might find a lot of Training and Phishing emails landing in spam.
Assign Remedial Training - practice makes perfect!
Build Phishing Templates - better stay creative! And find a bunch more free time...
Phish your team - Phew! back to the fun part...
Nope - not easier. The tasks pile up as the Training continues.
Rather than going through Month 4+ and highlighting the challenges of reminding your laggards who are now TWO courses behind, let's take a look at an automated program.
Month 1 (Automated): And since INFIMA has set the standard for Automated Security Awareness Training, we'll take a look at our program (again, I fully get the convenience of that statement - also it's truth!)
Onboard Users - sync with Office 365 or GSuite, and you're set!
Whitelist Senders - did I mention we included that in the sync above. So that's done.
All the rest - yep, that's done too.
Wondering what Month 2 looks like?
Month 2 (Automated):
We make it easyto Train your team effectively and easily.