Security Awareness Training Done Right
| When the anatomy of successful cyberattacks is analysed, nearly all of them have one thing in common – some user, somewhere, did something that could have been avoided. Despite the most advanced protections that can be put in place, despite the best threat intelligence that can be brought to bear, organizations remain vulnerable because of one key factor: human error. |
Research shows that 90%+ of breaches involve human error; and in 2018, organizations faced a 27% chance of suffering a major data breach involving 10,000 records or more. Those types of massive breaches came with an average cost of four million dollars each to remediate. Clearly, human error is not to be taken lightly.
People are – and likely always will be – the weak link in the chain. Yet, efforts to reduce the very real risk they represent are failing. Organizations are pouring billions into security and awareness training, but these investments are not translating into results. In fact, the probability that companies of all types and sizes will experience a security breach is greater today than it was four years ago. Something needs to change.
Oh, The Human Error…
Why are people such easy targets when it comes to cyberattacks? The greatest factor is the propensity of humans to be just that – human. The vast majority of mistakes are completely innocent and – more importantly – avoidable, with the most common causes being lack of knowledge, lack of attention, and lack of concern. Security training typically fails because it doesn’t take these realities into account. In other words, it doesn’t reflect how people work and learn today. It’s delivered too infrequently (what did IT say I should do when I get a suspicious email?). It’s long, dull, dry, and boring (I’ll pay attention in a second… just have to send this one email). And employees often feel targeted, rather than supported (“did IT really just try to trick me with this fake phishing email?”).
The Key To Engagement – Humour
Training systems typically rely on fear to drive engagement. That works. For a short time. Then employees become desensitized, resentful, and unresponsive. Is that really the way? Not in our view. We rely on fun and humour to engage. Studies show that humour releases dopamine in the brain, which is positively correlated with goal-oriented learning results and long-term memory retention. Humour works with students of all ages. Educators have shown that using humour with any age of student – from kindergarten through college – drives better performance. And humour will work with your employees too. Our security training is built to make you chuckle. Each training module is anchored on a 2-3 minute video, written by real movie & TV comedy writers and acted by entertainment industry pros. In a few minutes per month, you will get a dose of knowledge, learning what to do through mini-sitcoms you won’t forget. The training videos are the foundation of a focused, complete, and effective system that imparts and reinforces crucial knowledge.
| Back to Reality… |
| Although we are trying to make this is as much fun as possible, there is purpose behind all of this madness -making sure our staff is educated and aware of these risks we ensure we have a safe and stable environment with minimal disruptions to our business, clients and investors -creating a happy place! In the coming days you will receive an email from the Mimecast ATAATA platform to complete these short modules -they are compulsary for every employee to complete, and you will receive reminders if you have not completed a module. Each month you will receive one new module to complete, and these will build up over the course of the year determining your superhero score! |
For those looking for the security awareness policy, you can find it at: https://docs.tvst.co.za/books/information-security/page/security-awareness-policy
Use your username (without TTS\) and password to log in.