Is Your Staff up to Speed on Security?

Published 5/2/24

Here is a quick fact to get your attention: According to a study done by Stanford University 88% of data breaches are caused by human error.  Some of that is mis-configuration of the IT systems, but most of it is staff falling victim to phishing attacks.   

Most employees want to protect the organization, but it is not their primary job and gets lost when they are overloaded. Serious athletes train almost every day to stay sharp.  Similarly, your employees need regular training and testing on security to remain sharp.   

Many organizations do security training once a year.  From my experience this is not enough for two reasons:   

• Staff tend to forget many of the things covered by the training quickly 

• The security threats change, and you need to have the most relevant training available.   

The second component to hardening your staff is to test them with simulated attacks that you can track. There are many vendors out there that will do the training component, not as many do the simulated attacks.   

We use a company called KnowBe4 that allows us to train and test our staff. The plan we use allows us to do: 

• Annual comprehensive security training 

• Quarterly smaller training courses focused on one important topic like phishing awareness or how to create secure passwords 

• Monthly security testing 

• Remedial training for those that fail the testing   

In one year, we went from a monthly test failure rate of 25% to a failure rate of 1%. That is a huge drop in exposure!   

By continuously training and testing your staff you can significantly improve the security of your environment and equip your staff with the tools they need to be the front-line defense for your organization.