Nick Deacon Elliott, VP of Sales & Operations at Boxphish, had the opportunity to speak with Expert Insights about best practices for implementing an effective cyber security awareness training programme and simulated phishing campaign.
A huge thank you to Megan Rees from Expert Insights for the opportunity to share our thoughts. A summary of the interview is below; the full interview is linked at the end of this post.
Why Implement A Cyber Security Awareness Training Programme?
A statistic that can’t be ignored: in excess of 90% of security breaches are caused by human error.
To tackle this issue, organizations are looking to implement security awareness training solutions that are designed to educate and train employees to identify malicious emails and attacks, and to think before clicking.
“We’ve seen a big boom in the last six months, with organizations adopting cyber security awareness training that previously didn’t have a training solution in place,” Deacon Elliott tells us. “People are starting to see the importance and value of having an empowered and trained workforce.”
How to ensure the experience is engaging for your staff?
It all starts with ensuring the content has a purpose. Your end users need to be clear on the why.
What is the benefit? Why are we implementing this programme? Why is my IT team sending me simulated phishing emails?
At Boxphish we believe the key to an effective Cyber Security Awareness Programme is to clearly articulate the why. This can be done in a variety of ways:
- Highlight that cyber crime is a real threat and can have severe consequences
- Link cyber attacks to both personal and work life; an effective Cyber Security Awareness Training programme should cover both
- You are not asking for hours a month; an effective campaign should take no more than 5 minutes per month of your employees' time
- Ultimately, end users are responsible and should be accountable for their actions; it is key that you empower your staff so they know how to keep themselves safe in their digital life
- Simulated phishing: let your end users know that there are tests coming. These are used to measure the effectiveness of your Cyber Security Awareness Training campaign, not to call people out. They provide real-time analysis and highlight who needs extra support
The Boxphish Solution
“We deliver solutions to develop the human firewall,” Deacon Elliott tells us. “In terms of key challenges that we help our customers address, it’s initially just identifying any vulnerabilities or weak points within their organization and addressing those, and then we build and develop from there.”
How does the Boxphish Solution work? Firstly, we look to identify any underlying issues via simulated phishing and account takeovers. Secondly, we deliver a continuous, bite-sized learning experience to users, typically once per month. Finally, we pull this data together into a detailed report, which we refer to as our Human Risk Report.
For ease of deployment, the solution is also tightly integrated with Office 365 and is as admin-less as possible to ensure rapid and effective deployments.
Advice For Organizations
Be proactive and get on the front foot of your Human Firewall programme. Around 70% of organisations currently don’t have a structured approach to Cyber Security Awareness Training; join the 30% who have begun to address the last line of defence or, in some cases, the weakest link. We would be delighted to speak with you about your programme; you can contact us here:
Finally a huge thank you to Megan Rees from Expert Insights for providing us with the opportunity to share our thoughts.
The full article can be found here: https://expertinsights.com/insights/developing-the-human-firewall-implementing-an-effective-security-awareness-training-program/