The Five Generations Of Security Awareness Training

    1. Do Nothing

    Do Nothing approach to Security Awareness Training

    We don’t really do security awareness training and rely on our technical solutions for IT security. (Firewall, spam filters, Intrusion Detection, etc.)

     

    2. The Break Room

    Sacurity awareness training death by powerpoint approach

    We gather employees for a lunch & learn and show them a slideshow of what to avoid when surfing the Web, in emails from unknown sources, etc. (usually in-house created “death-by-PowerPoint” training.)

     

    3. The Monthly Security Video

    Monthly security awareness training video approach

    We have employees view incomplete and disjointed security awareness training videos to learn how to keep the network and organization safe and secure. 

     

    4. The Phishing Test Approach

    Phishing Test approach to security awareness training

    We pre-select certain groups of employees, send them a simulated phishing attack, see if they fall prey to the phishing attack, and train them only if they fail. 

     

    5. The Human Firewall Approach

    Human firewall approach to security awareness training

    We regularly test everyone in the organization and find the percentage of employees who are prone to phishing attacks. Next, we train everyone on all major attack vectors and keep sending simulated phishing attacks to everyone on a very regular basis. 

    Get the latest about social engineering

    Subscribe to CyberheistNews