Security awareness training, courses designed to teach employees about how to identify phishing emails and other online scams, are vital to every organization’s safety. But before you sign your company up to a program, here are several considerations to make:
- Is the training updated regularly? Technology changes rapidly; Hackers and other cyber criminals are continuously inventing new ways to fool people into clicking links, wiring money, or revealing passwords. Therefore, you need a training program that isn’t static and always adding new information to their programs.
- Are the courses fun, interesting, and interactive? Studies have shown that boring courses don’t connect with employees. Even if there is an interesting video, the learner could simply go and take a break while it is playing. You need modules that not only convey the important safety messages in a compelling manner, but also include an element of interaction to ensure the material is being understood.
- Is there a corresponding real-world testing mechanism? Education is important, but you also need a way to see if employees are taking the information to heart. A good awareness program includes some kind of simulator that will allow you to send phony phishing emails and monitor whether the links are clicked.
- Does it offer additional security tools? Programs that offer email plugins that add enhancements like quarantine or dynamic filters can further your protection beyond training and testing.
- Can it be monitored and administered remotely? Don’t add to your paperwork, use an awareness training program that can run itself. This will allow you to focus more on the results, not the administration.
The Answer? SecurityIQ
InfoSec Institute has addressed these considerations with their award-winning platform SecurityIQ. It consists of two programs, separate but intertwined, called AwareEd and PhishSim.
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Chris Sienko. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/pmE7HBaTrb0/