It’s hard to run a business AND know how informed your people are about Cybersecurity.
Everyone in your business using an email address is at risk of hurting you – usually without even realising.
You need to do something, and that’s why you’re here. Your FREE eBook explains how our systematic, automated, weekly training system can economically upskill all your staff in the black art of cybersecurity, demonstrating the various ways seemingly innocent communications can mask the most insidious objectives.
In this guide, you’ll find out what works in Cybersecurity training, delivered in regular (weekly/fortnightly/monthly) 10-minute blocks.
The courses are personalised, targeting weaknesses first, indicated by the initial GAP Analysis questionnaire (about 15 minutes) sent to all staff.
iSAT training can be a bit of fun, a talking point, and even something that gets those competitive juices flowing.
And all in a good cause – protecting your business from Cybersecurity hacks. And we promise not to hound you; we just need to ensure only ‘real’ businesses access our valuable downloads.
Download the latest report from Sophos here:
Sophos: The Future of Cybersecurity (2022)
Training your staff to be cybersecurity aware is the first step on your way to cyber security. And it's not only the most effective, it's economical, too.
What are the 4 Key ingredients to a successful training program?
And what are the 12 different topics covered in our 36-week program?
It's not managed if it's not measured.
Find out who your star performers are and more importantly who needs more help.
OK, OK, OK ... you already know all this stuff and want to get down to the nitty gritty.
Get our latest FREE 2022 Cybersecurity eBook and find out why it's so important for your business.
Because security awareness training works
The effectiveness and ROI for security awareness training can vary based on a number of factors — including format, channels and frequency.
But, if done right, employee training can be a highly successful solution for reducing human error, improving everyday security behaviour and achieving key standards of regulatory compliance.
In a recent study, 80% of organisations said that security awareness training had reduced their staff's susceptibility to phishing attacks. That reduction doesn't happen overnight, but it can happen fast — with regular training being shown to reduce risk from 60% to 10% within the first 12 months.
Even the least effective training programs have a seven-fold ROI, and the average performing program results in a 37-fold return on investment (ref: Ponemon Institute).
The graph below gives a visual insight into one study that measured how staff were able to recognise threats before and after training:
All of this ROI stuff sounds great, but how is it calculated?
With so many different factors playing into the ROI of security awareness training — including company size, location and training costs — it's pretty difficult to produce an accurate prediction of figures that can be relevant to every business.
That being said, Osterman Research has produced one of the most renowned costs and ROI models developed for security awareness training.
Their study showed that, on average, smaller businesses (under 1,000 employees) can achieve an ROI of 69% from a security awareness training program, while larger companies (1,000+ employees) can achieve an ROI of 562%.
The caveat here is that the report is based on a range of assumptions — which you can check out in more detail here — including costs of operations and the potential loss of customers and revenue, which obviously vary from business to business.
But don't get too lost in the data. The key point is — training does work.
Four ways to make your security awareness training work
To make your employees' training as effective as possible, there are a number of key ingredients that you need to include:
#1 Keep it regular
According to USENIX, employees will start to forget their training after four months, so delivering regular awareness sessions is key for making sure that the information is kept fresh in their minds.
As seen in the report above, many businesses are opting to train staff on a monthly basis to keep information fresh in the mind.
This may sound like a lot, but this type of training is often delivered through bite-sized and computer-based (CBT) courses to avoid learning fatigue and any hindrance to productivity.
#2 Keep it engaging
Rather than broadcasting a checklist of points during a PowerPoint presentation, try to deliver more memorable video and interactive computer-based training courses.
#3 Cover the essential topics
It's easy to think that training staff on how to spot a phishing attack is enough to reduce human risk, but narrowly focusing on a select few topics leaves the door wide open for human error and successful attacks.
Your employees' ongoing training should cover a wide variety of behavioural tips, attack techniques and compliance standards. Our Top 12 Security Awareness Training topics include:
#4 Launch practical phishing simulations
So you've trained your staff on how to spot a phishing attack? That's great, but how will they react when a fraudulent email from finance actually drops into their inbox, asking them to pay an invoice 'asap'?
By running employee phishing simulations, you're able to detect which employees would fall victim to a real-world attack, giving your business a chance to proactively educate that person on what they missed.
Finally, measure the impact of training
It's important to measure the impact of training so that your business can:
Running a quick quiz at the end of each training session is a good way of understanding what each person has learned.
With our training program, each employee is quizzed straight after their course, with their results being saved and added to their individual profile as well as contributing to the business' overall human risk score.
How to get started on the right track
The bare essentials of any effective security awareness training program come down to training staff frequently, using engaging material, covering the essentials and measuring the ongoing impact.
But finding the time and budget to plan, deliver and manage this type of training can seem like a pretty big drain on resources for IT and the business as a whole.
That's why we're offering a complete guide to security awareness training to help you launch cost-effective and admin-lite security awareness training from day one.
Want to know more?
Get your FREE eBook now for a deep-dive into Cybersecurity Training - keep you, your business and your staff safe online.