Employees are a critical part of an organization’s defense against many IT security threats. Just as having the correct technology solutions is important, training personnel to recognize security threats is a critical part of any security strategy. As part of that strategy, organizations must consider both the content and the training methods. Training that does not engage employees or provide for continuous learning and reinforcement is not sufficient to truly make employees more security aware.
Interactive training methods are known to be far more effective at not only engaging attendees but also improving retention of content. These include programs that present employees with realistic content, security scenarios, and even simulated phishing attacks. These methods also are more continuous in nature. Rather than having an employee attend a lecture and forget the content a week later, continuous training can be directed to present employees with shorter bursts of training at multiple points throughout the year.
Of course, the final piece of effective training is measuring success. Unfortunately, many security training programs still measure effectiveness only through attendance. However, attendance cannot measure the most important factors, such as how much employees are retaining and the changes in behavior that ultimately show how much less likely they are to fall victim to an attack.
To achieve security awareness, and thus effective defense, companies must employ comprehensive, interactive training. This training must be updated regularly, and its effectiveness must be measured through strategies or other metrics such as employee susceptibility to attack, post-incident follow-up, and improvement tracking.
Because security awareness training is a requirement of the Office of Legislative Affairs and the University System of Maryland Security Standards, UMB has decided to partner with KnowBe4, the world’s most popular integrated security awareness training and simulated phishing platform.
Created out of the realization that the human element of security was being seriously neglected, KnowBe4 helps organizations manage the problem of social engineering through a comprehensive, new-school approach to awareness training. This method integrates baseline testing using mock attacks, engaging interactive training, continuous assessment through simulated phishing, and enterprise-strength reporting to build a more resilient organization with security top of mind.
You will be hearing more about KnowBe4 as we work to roll this out to the UMB campus over the next few months.