The Importance of Training and Testing
By Rob Chenault – VP Systems and Security
Serious athletes train almost every day to maintain peak performance. Similarly, your employees need regular training and testing on security to remain sharp and alert.
Many organizations conduct security training once a year. In my experience, this is not enough for two reasons. First, staff tend to forget many of the concepts covered by the training. Second, just like a physical virus, security threats can change and mutate, and you need to have the most relevant, up-to-date training available.
The second component of hardening your staff against attempted attacks is to test them repeatedly with simulated attacks that you can track. Many vendors will do the training part; not as many do the simulated attacks. We use KnowBe4, a company that allows us to train, test, and even get signoff on our policies. With this approach, we are pleased with a monthly test failure rate of just 1%. This is the plan we use:
- Annual comprehensive security training
- Quarterly training courses focused on one important topic like phishing awareness or how to create secure passwords
- Monthly security testing
- Remedial training for those who fail the testing
By continuously training and testing your staff, you can significantly improve the security of your environment and equip your staff with the tools needed to be the front-line defense for your organization.