Here’s a question I hear more often than I should… “Why do employees need security awareness training more than once a year?”

Well, after teaching teams for over 10 years, it’s become clear to me that “delivering security training just once per year is virtually a waste of time and money.”

There are 3 reasons why I say this…

1) When employees are only exposed to awareness training once per year, or once every 6 months, they see it more as a “compliance” requirement… something they must “endure”, not something that impacts their behaviour the rest of the time. What we need is for employees to be constantly engaged to be able to recognize the risks they are facing on a daily basis, and how to handle them.

2) Employees may not see a particular attack for a period of months, and may forget how to spot it when it does show up. So, they need to be continuously sensitized to these randomly appearing threats.

3) Attackers are constantly evolving their tactics to evade detection, in a “cat and mouse” game. As we get better at detecting and avoiding the latest attack, attackers will change their tactics, and employees will be faced with new situations that look plausible or believable. And without recently being exposed to what the new threats look like, they will be more likely to fall for them when they appear.

It just makes sense that your cyber security awareness program needs to be continuous.

With global cybercrime growing constantly, and employees not getting any better at spotting the basic phishing and social engineering attacks, they will increasingly fall for them. At some point, “something’s gotta give”.

Organizations will realize that the old methods just don’t work when attackers can easily craft new ones. We need to be more proactive in managing these human risks, rather than treating them as a compliance exercise.

To learn how you can implement continuous cyber security awareness training for your team easily and effectively, without making people want to gnaw their own arms off, you can visit clickarmor.ca

If you found this episode interesting, please subscribe to the Click Armor YouTube channel.
