With all the discussion about the need to plan for and combat cyber threats, too many organizations leave their strategies to chance instead of taking simple proactive steps.
An Accenture report released before the pandemic found that the number of attacks and related costs was rising. The report noted that new work “arrangements,” specifically an uptick in the number of remote workers and contractors, made the need for employee security training all the more urgent. However, many companies still forego training for various reasons.
Some organizations mistakenly believe they are too small to be targeted or can otherwise fly under the radar. Others believe the costs outweigh the benefits, or it’s too difficult to work into the daily routine. Sadly, no one today is out of reach for those who want to cause trouble — whether an international corporation or a non-profit serving a local community.
Cyber Threats Are on The Rise
Accenture research also found 43% of online attacks target small businesses and that just 14% were prepared to defend themselves. The COVID-19 pandemic has only worsened the problem. Since the pandemic’s start, the FBI said it has seen a staggering 300% increase in reported cybercrimes. According to an IBM security report, the cost per breach averages $3.86 million.
With cybercrime on the rise, security awareness training becomes even more critical to organizations. By implementing a security awareness training program, your employees will have the necessary information to recognize cyber threats and use best practices when it comes to cybersecurity. The best news is that security training doesn’t have to break the bank or stand in the way of workflows. Just look at the Boys & Girls Club of Hawaii for a real-life example of how a non-profit could operationalize security training without compromising its daily obligations.
Trouble in Paradise? Not with Security Training.
When the Boys & Girls Club of Hawaii needed a company to provide its employees with security awareness training services, they turned to TPx. The non-profit implemented a 12-month cybersecurity awareness training program, where TPx delivers video-based modules and conducts phishing tests for employees.
Each month, employees are prompted to complete a new security module, which encompasses a short and test at the end, allowing employees to try out their newly acquired skills. Employees are able to view progress within the dashboard and view progress reports at the end of each course.
The training is designed to be interactive and helps employees understand real-life cyber threats. The lessons employees learn during the training modules get put to the test with phishing simulations, where employees must recognize phishing tactics outside a typical training module.
The most significant benefit of training isn’t necessarily the training itself but how employees apply their learnings to real-life scenarios.
Metrics Improve with Security Training
Each month, security metrics continue to improve, as employees more easily and confidentially identify phishing emails and handle them appropriately. The goal isn’t to embarrass employees or punish them for making a mistake but to educate them and give them the knowledge and tools they need to navigate today’s treacherous digital landscape.
The adage “practice makes perfect” aptly describes what should be today’s approach to cybersecurity. Bad actors continually become more sophisticated, and the only way to learn is to constantly train and test.
After all, if an employee falls prey to a phishing attack, wouldn’t it be better if it was during a training session rather than during a real security breach? There are no do-overs in real life, but there are in training.
To learn more about Boys & Girls Club of Hawaii leveraged Security Awareness Training to strengthen their cybersecurity, read the full case study.