A new study carried out by Mimecast has produced some interesting security mindfulness training figures for 2018. The survey shows a lot of companies are taking substantial risks by not providing sufficient training to their workers on cybersecurity.
Question the IT department what is the greatest cybersecurity danger and several will say end users. IT teams put a considerable amount of effort into applying and maintaining cybersecurity fortifications, only for employees to take actions that introduce malware or lead to an electronic mail breach. It is understandable that they are annoyed with employees. Most
However, it doesn’t need to be like that. Businesses can create a strong last line of protection by providing safety awareness training to employees to help them identify threats and to prepare them how to respond and report difficulties to their IT group. The difficulty is that a lot of businesses are failing to do that. Even when cybersecurity teaching is provided, it is often insufficient or not obligatory. That means it is just partly effective.
Mimecast’s security awareness training figures show that just 45% of firms provide workers with recommended safety awareness teaching that is obligatory for all employees. 10% of firms have training programs available, however, they are only voluntary.
Explore deeper into these safety awareness training statistics and they are not quite as they appear. Certainly, 45% of firms provide obligatory cybersecurity training but, in many cases, it falls short of what is needed.
For example, only 6% of firms provide monthly training and 4% do so three-monthly. For that reason, just 10% of the 45% are providing training regularly and are adhering to acceptable industry standards for safety. 9% of the 45% only provide safety awareness training when an employee joins the company.
The training processes used proposed safety awareness training, for a lot of businesses, is more of a checkbox item. 33% provide printed lists of cybersecurity guidelines or electronic mail instructions even though several employees will simply
30% issue prompts concerning possibly risky links, in spite of that little is done stop employees actually clicking those links. Businesses are in its place relying on their employees to know what to do and to take care, even though formal cybersecurity training is often lacking and they lack suitable skills. Only 28% are using interactive training videos that involve users.
These safety awareness training figures show that firms clearly need to do more. As Mimecast proposes, effective safety awareness training means making training obligatory. Training must also be a continuous process and simply handing out
You must involve workers and make the training more enjoyable and ideally, amusing. “The easiest way to lose your audience is by making the training dull, unconnected