5 Reasons to Require Security Awareness Training
– a press release
“Ideally all employees should have been made part of the awareness training project and are motivated enough to do the training because they now understand the importance and want to stay safe on the internet, in the office and at the house.”
For Immediate Release – March 25, 2019
Muncie, Ind. – Our friends at KnowBe4 are the industry leader in security awareness training. Some organizations choose to make such training elective; others take the step to require training and use the experts at Deltec to manage the mandatory program. In the article linked below, Stu Sjouwerman, Founder and CEO of KnowBe4, provides five reasons this training should be required:
“… here are five very good reasons why security awareness training should be mandatory if there are any problems at all with employees declining to do the training.
- Compliance with regulation. If your organization accepts credit cards, you need to comply with PCI and you could use this as the reason this simply has to be done. There are many other regulations that require the same thing like HIPAA for healthcare and literally dozens of others. Here is a whitepaper about compliance management that explains more. (PDF)
- Preventing class-action lawsuits. As the cost per cybercrime victim continues to rise, any organization without security training is vulnerable to data breaches and, as a result, future class-action lawsuits. You simply are legally required to scale security measures to reflect the threat and take necessary measures to prevent phishing attacks. Here is a whitepaper with the details.
- Effectiveness. If you put a firewall in place, you close all ports by default, and only open the ones your applications need to function. The same is true for a human firewall. You do not let the ports decide by themselves if they are open or not. Anything else is an exercise in futility. All employees need the training.
- Hard Numbers. In January 2018, we decided to redo our initial April 2013 analysis of average Phish-prone percentages and this time also break them out by industry and size. Now having a massive database to analyze, the new research uncovered some surprising results. The overall industry initial Phish-prone percentage benchmark turned out to be a troubling 27%. Fortunately, the data showed that this 27% can be brought down by more than half to just 13% in only 90 days if ALL EMPLOYEES are stepped through awareness training. The 365-day results show that by following best practices, the final Phish-prone percentage can be minimized to 2.17% on average. See the full webinar.
- Defense-in-Depth. A layered security infrastructure is absolutely essential to protect against the growing variety of threats that your organization faces. Technology-based solutions are critical to protect you from phishing, spear phishing, account takeover attempts, ransomware, data breaches and the like. However, a robust security awareness training program is also essential to provide a backstop for situations in which malicious content makes its way through all the filters. New-school security awareness training enables all users to make smarter security decisions and become that extra, last line of defense. Here is a whitepaper with best practices for implementing security awareness training.”