How Often Do You Need to Train Employees on Cybersecurity Awareness?

From the desk of Vince Gerasolo


Cybersecurity Awareness Training: Why Every 4 Months Matters

You’ve completed your annual phishing training, teaching employees how to spot phishing emails. But despite this effort, your company suffers a costly ransomware infection months later from a phishing link click. Why does this happen? Because training needs to be reinforced regularly for it to be effective.

Training once a year isn’t enough. In fact, it turns out that training every four months is the “sweet spot” for seeing consistent IT security results.

Why is cybersecurity awareness training every 4 months recommended?

A study presented at the USENIX SOUPS security conference examined employees’ ability to detect phishing emails at different time intervals after training:

  • 4 months
  • 6 months
  • 8 months
  • 10 months
  • 12 months

Results showed that four months after training, employees’ scores were strong. However, by six months, performance began to deteriorate, with scores continuing to decline as time passed. Regular training and refreshers help maintain strong security awareness and improve employees’ ability to identify phishing attempts.

Tips on what & how to train employees to develop a cybersecure culture

The ultimate goal is to foster a cybersecure culture in your organization. This culture ensures that employees understand the importance of protecting sensitive data, avoiding phishing scams, and securing passwords.

According to the 2021 Sophos Threat Report, one of the greatest security threats is a lack of attention to basic security hygiene. Poorly trained employees increase the risk of cyberattacks. Thankfully, security training doesn’t need to be long or tedious. Mix up your training delivery to keep employees engaged:

  • Self-service videos emailed once a month
  • Team-based roundtable discussions
  • “Tip of the Week” in newsletters or messaging channels
  • IT professional-led training sessions
  • Simulated phishing tests
  • Cybersecurity posters
  • Cybersecurity Awareness Month celebrations in October

Key topics to include in your training

While phishing is a significant topic, it’s not the only thing employees need to know. These are some of the critical topics to cover:

Phishing by Email, Text & Social Media

Email phishing remains the most common, but SMS phishing (smishing) and social media phishing are on the rise. Employees need to recognize these phishing attempts across all platforms.

Credential & Password Security

Credential theft is the leading cause of data breaches globally. With more businesses using cloud-based platforms, educating employees on securing passwords and using tools like password managers is essential.

Mobile Device Security

Since mobile devices are integral to workplace productivity, train employees on securing their devices and ensuring they are updated. Protecting devices accessing business data is crucial.

Data Security

With rising data privacy regulations, train employees on proper data handling practices to mitigate the risk of data breaches and compliance penalties.

Need help keeping your team trained on cybersecurity?

Let our cybersecurity professionals take the stress of training off your plate. We offer engaging training programs designed to change behaviors and improve cyber hygiene. Drop us a line at contact@dvnt.ca to learn more!