We’ve Got This: Security Awareness Training

by | Sep 2, 2020 | Managed Services

These days, organizations are forced to navigate uncertain waters, resources are stretched as thin as ever, and workers are adapting to new workstyles. Through it all, Peters & Associates wants you to know that we have your back. As part of our 6-part webinar series, every two weeks we’ll be sharing solutions for supporting, managing, and securing your IT environment – whether workers are back in the office or working from home. Check out the schedule below to catch up on webinars that you’ve missed or register for our remaining webinars.

On September 2nd, we held our fifth webinar in our series, Security Awareness Training. During that presentation we discussed the concept of the new security perimeter, the elements of an effective security awareness training program, and how Peters & Associates helps our clients and their employees to become cybersecurity warriors. Read on to get caught up or check out the full recording below.

The New Security Perimeter

10 years ago today, Microsoft Azure (then called Windows Azure) was only 7 months old. Meanwhile, Office 365 was still 9 months from its public launch. By 2016, there were 60 million businesses using Office 365 and cloud growth has accelerated. The IT landscape has changed rapidly; our security measures need to adapt.

What has this change meant for IT security? Everything. 10 years ago, organizations primarily kept all their applications, data, and the devices accessing those resources in the same building or between data centers that the organization maintained some control over. From a security perspective, that meant that an organization’s firewall was their security perimeter. Now, with more workloads spread across more datacenters and more employees working remotely, the user identity is the new security perimeter. That identity unlocks access to your organization’s data and applications.

We’ve seen attackers’ methods shift to this focus too. Verizon’s 2018 Breach Investigation Report found that 92.4% of malware is delivered via email. We covered this in more detail in our August 19th webinar, “We Got This: Securing Office 365.” In short, technology has its limitations when it comes to filtering out bad emails. Another way to look at this problem is the classic “People, Process, Technology” diagram. Each of these elements plays an important role in IT security, and that includes non-IT employees. The diagram below highlights some of the areas in which employees should be trained.

[Diagram: security awareness training]

Effective Security Awareness Training

Not all security awareness training programs are created equal. The success or failure of your security awareness training program will be dictated by the following factors:

  • Organizational commitment at the highest levels
  • The frequency with which you engage your employees
  • The methods that you use for educating your employees
  • The motivational tools that you leverage to encourage high performance
  • The frequency of testing and feedback

In general, the most successful organizations will have high commitment and encouragement from the top of the organization, provide frequent training and testing, leverage multiple interactive training methods, and reward employees for alerting IT about suspicious emails.

Ultimately, organizations cannot hope for 100% success in having every employee identify malicious emails. However, the goal should be to improve over time. Find the baseline for your organization by running a phishing test campaign prior to the start of your program. Then, set a goal for reducing your click rate over time. For example, aim to reduce your click rate from 15% to 2% in your monthly phishing tests.

Essential Managed Services: Security Awareness Training and Microsoft Training Management

Building a successful Security Awareness Training program requires both an organizational commitment to security and dedicated experts to provide guidance and lead the effort. Training programs need to help non-technical employees understand their role in security, provide engaging training materials, and regularly assess the organization’s progress.

Peters & Associates provides managed security awareness training services. Customers rely on P&A to provide on-demand interactive training, monthly phishing tests and reporting, and annual face-to-face training to engage employees. P&A provides the heavy lifting of a security awareness training program and partners with customers to guide the organization to higher levels of security.

Our team can help to improve your organization’s most vulnerable defense layer – turning your employees into cybersecurity warriors. Meanwhile, you can focus your energy on supporting your employees and advancing your organization.
