Our apologies if we sound a bit hot under the collar, but at KnowBe4 we are passionate about security. Perhaps other types of training can be drawn out and fragmented, but we are dealing with IT security here, and employees are the weak link! More and more, you see training companies promote their security awareness computer-based training products as ‘modular’, as if that is something good. It’s not.

They break their training into small modules, split up by security topic, and say that this is better. It’s not.

They say that this is the way people learn and work. It’s definitely not.

They claim that short lessons are easy to learn. That is patent nonsense. Is a 10-minute lesson in astrophysics easy to learn?

They say that one lesson a month, each with a different security awareness topic, is the best approach. It’s actually an invitation to a data breach or a ransomware attack. Would you install a firewall and slowly, over time, block the ports you need to defend?

There is a massive problem with this approach: Security Training Fragmentation causes a Knowledge Gap

  • You want all your employees to understand and be armed against the most important attack vectors as soon as possible.
  • Employees should get the high-risk online dangers in one up-front training session, integrated and reinforced multiple times within that initial training session. That is the only responsible way to deploy security awareness computer-based training.
  • With all employees knowing the important online dangers, there is group agreement and peer pressure in the direction of secure behavior.
  • You don’t want to start with training them about phishing and only weeks or months later train them about social networking. That leaves a social engineering hole big enough to drive a truck through.
  • If you want to keep all employees on their toes with security top of mind, do that with continued testing. Sending a simulated phishing attack a few times a month is extremely effective at keeping them alert, and a proven way to dramatically decrease their Phish-prone percentage.

Based on Kevin’s 30+ years of unique first-hand hacking experience, you can now train employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks.

