Here’s a question I hear more often than I should… “Why do employees need security awareness training more than once a year?”
Well, after teaching teams for over 10 years, it’s become clear to me that “delivering security training just once per year is virtually a waste of time and money.”
[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.4.6″ custom_padding=”5px||8px|||”][et_pb_column type=”1_2″ _builder_version=”4.4.6″][et_pb_text _builder_version=”4.6.0″ hover_enabled=”0″ sticky_enabled=”0″]There are 3 reasons why I say this…
1) When employees are only exposed to awareness training once per year, or once every 6 months, they see it more as a “compliance” requirement… something they must “endure”, not something that impacts their behaviour the rest of the time. What we need is for employees to be constantly engaged to be able to recognize the risks they are facing on a daily basis, and how to handle them.
[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.4.6″][et_pb_video src=”https://youtu.be/Liv0bzXsUPI” _builder_version=”4.6.0″][/et_pb_video][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.4.6″ custom_padding=”8px|||||”][et_pb_column type=”4_4″ _builder_version=”4.4.6″][et_pb_text _builder_version=”4.6.0″ _module_preset=”default” hover_enabled=”0″ sticky_enabled=”0″]
2) Employees may not see a particular attack for a period of months, and may forget how to spot it when it does show up. So, they need to be continuously sensitized to these randomly appearing threats.
3) Attackers are constantly evolving their tactics to evade detection, in a “cat and mouse” game. As we get better at detecting and avoiding the latest attack, attackers will change their tactics, and employees will be faced with new situations that look plausible or believable. And without recently being exposed to what the new threats look like, they will be more likely to fall for them when they appear.
It just makes sense that your cyber security awareness program needs to be continuous.
With global cybercrime growing constantly, and employees not getting any better at spotting the basic phishing and social engineerng attacks, they will increasingly fall for them. At some point, “something’s gotta give”.
Organizations will realize that the old methods just don’t work when attackers can easily craft new ones. We to be more proactive in managing these human risks, rather than treating them as a compliance exercise.
To learn how you can implement continuous cyber security awareness training for your team easily and effectively, without making people want to gnaw their own arms off, you can visit clickarmor.ca
If you found this episode interesting, please subscribe to the Click Armor Youtube channel.
[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.4.6″][et_pb_column type=”4_4″ _builder_version=”4.4.6″][et_pb_post_nav prev_text=”Previous Post” next_text=”Next Post” _builder_version=”4.4.6″ title_text_color=”#ffffff” background_color=”rgba(14,79,136,0.68)” custom_padding=”5px|10px|5px|10px|true|true” border_radii=”on|4px|4px|4px|4px” border_width_all=”1px”][/et_pb_post_nav][/et_pb_column][/et_pb_row][/et_pb_section]