The Secrets to Successful Security Awareness Training

Did one of your employees click on a phishing email for the 3rd time in 6 months? Is everyone complaining about the annual cybersecurity training webinar they have to attend? Your security awareness is lacking, putting your company at risk.

The problem is that popular methods of training employees about phishing and about not downloading suspicious files are ineffective and, in some cases, even counterproductive. Embedded training, or mandatory training after an employee fails a phishing test, doesn’t work, according to many studies.

Knowledge and awareness don’t change employee behavior. What’s successful are continual reminders about security and training, which have a positive influence on employees’ attitudes towards security. They shouldn’t see themselves as part of the problem but as part of the defense.

Everyone is different, so a one-size-fits-all program won’t be effective. A successful program is adjusted to suit your business and employees. If you’re a Microsoft 365 customer, Microsoft offers a security awareness program that makes it easy to get started.

Other highly rated programs for small businesses are NINJIO Security Awareness, Hoxhunt, and KnowBe4 security awareness. The critical considerations in any cybersecurity awareness program are changing employee behavior, making employees feel like participants in cybersecurity, and having something they enjoy using or at least don’t dread.

Author: Kris Keppeler, a curious writer who finds technology fascinating. Follow her on X (Twitter) @KrisNarrates, on Medium.com @kriskeppeler, and LinkedIn.
