It’s no secret that one of the pillars of good cybersecurity is a well-trained team. Employees who receive regular IT security awareness training and learn skills like phishing detection can help reduce the risk of a cyberattack for their company by 45%-70%.
But too many companies think that training once or twice a year is enough. They’ll have their employees go through the basics of phishing identification and password security, but then not revisit it until the next training session.
They expect training to be a “one and done” thing. But it doesn’t work that way.
In order to develop a culture of cybersecurity and strong phishing detection skills, employees need to receive training and refreshers on an ongoing basis.
What’s the best interval for employee IT security training? It turns out that it’s about every four months.
Phishing Study on Employee IT Security Training Retention
At a recent cybersecurity conference called USENIX SOUPS, an important study on employee training was presented.
The study looked at how fast employees forgot their cybersecurity awareness training, specifically phishing identification. Employees were tested at varying intervals after they initially received training on how to spot phishing emails.
The study tested employees on phishing skills retention at the following time increments after training was first given:
- 4 months
- 6 months
- 8 months
- 10 months
- 12 months
Employees tested well four months after receiving their cybersecurity awareness training. But at the 6-month mark, they tested worse: they had forgotten some of what they had learned.
With each 2-month increment after that, their scores continued to fall as they remembered less and less of the phishing detection training they had been given.
Thus, the study found that about every four or five months is the optimal interval for refreshing employee security awareness training.
Tips for Effective Employee Security Awareness Training
Company networks are only as strong as the weakest link. Often, that link is human. Cybersecurity researchers at Stanford University found that approximately 88% of all data breaches are the result of human error.
Fortify your team with these tips to make your employee IT security training more effective.
Use Video
People retain about 95% of a message they receive via video as compared to just 10% when reading text only. Video is a great way to make security awareness training engaging and memorable.
Short videos on different topics each month keep everyone’s skills sharp.
Use a Mix of Different Message Channels
People learn things in different ways, and the more you repeat a message, the higher the chance it has of being retained. For these two reasons, it’s smart to use a mix of different channels for your cybersecurity awareness training.
We talked about video already. You can also use a “tip of the week” format where you put a short cybersecurity tip in a team messaging channel or internal newsletter.
Two other message channels you can use are employee round tables and a full-day team training session focused on the importance of cybersecurity.
Training with an IT Professional
At least one of the training sessions you do with your team each year should be with an IT professional, like AhelioTech. We can answer the tough questions about cybersecurity, human error, and password security.
We also know the latest trends going around in the IT security world and can ensure your team is clued in to what they need to know.
Another benefit of working with your IT service provider for your employee security awareness training is that they will know your network security specifics and can personalize the training.
Conduct Periodic Phishing Simulations
How do you know if your team has the skills needed to ward off phishing? How do you know employees are retaining things they’ve been taught?
One of the best ways is to conduct an unannounced phishing simulation. During this test, an IT professional will send convincing, but safe, phishing emails to your team to test their detection skills.
They won’t know to expect them, which is key. This way you get an accurate picture of how well your team is identifying threats coming into email inboxes.
Celebrate Cybersecurity Awareness Month
Every year, October is celebrated as cybersecurity awareness month. Take advantage of all the free resources offered by the Cybersecurity & Infrastructure Security Agency (CISA).
Recognizing this month reinforces the message of security in everyday workflows and can give your employees engaging special events to take part in.
Making everyone a part of cybersecurity responsibility is important, and emphasizing it during October highlights how everyone has a part to play.
Need Help Reducing Human Risk in Cybersecurity?
AhelioTech can help your Columbus area business with effective employee security awareness training and other security solutions.
Contact us today to learn more. Call 614-333-0000 or reach out online.