How Often Should You Do Cybersecurity Awareness Training?

Written by Nick Bambulas

Can you remember the last time you had or administered any cybersecurity awareness training? Was it when you were first hired? A year after that? Whatever the case may be, chances are good that it’s been a while.

With how often the world of cybersecurity changes, it’s important for employees to stay updated with current best practices. If you want your employees to retain the cybersecurity tips that will help stop cyber attacks, regular refreshing is needed.

But exactly how often should you do cybersecurity awareness training?

The Right Training Cadence

How long can employees retain the information they’re taught in training? How often should you train so the effects don’t wear off?

Experts tend to agree that training should occur about two to three times per year — or about every four to six months. A 2020 study conducted by USENIX found that six months after training, employees had a harder time spotting phishing emails.

The key is to find the right cadence for your own employees. Use the four- to six-month timeframe as a starting point and test your employees regularly to see how well they recall their training. You might need to train more often at first, but as your users perform better in testing, you can go longer between training sessions.

Regular Training Really Is Necessary

The Mimecast State of Email Security 2022 Report, which surveyed 1,400 IT professionals representing companies across the globe, highlights some key reasons security training should be a priority:

  • Ransomware causes two days to two weeks of downtime
  • 75% of organizations were affected by ransomware in 2021
  • 38% of organizations suffered data loss due to a lack of cyber resilience preparedness
  • 80% were hit by an attack that spread from one infected user to others
  • 96% of companies faced phishing attacks

Despite all this, the same report found that only 23% of organizations provide awareness training on a regular basis.

Think the costs and time spent on security training aren’t worth it at the end of the day? That couldn’t be further from the truth.

According to the same study, the average cost of a data breach is $4.24 million, which is up from $3.86 million the previous year. That’s a serious expense that could have devastating consequences for any business.

What Does Effective Training Look Like?

Great security training is a combination of the right information delivered in the right formats.

First, your training program needs to educate employees on a wide variety of potential cyber threats. Security training needs to cover not just phishing attempts, but all other aspects of cybersecurity as well. It should discuss topics such as:

  • Not oversharing work or personal information on social media
  • Ensuring sensitive info isn’t revealed on remote video calls
  • What social engineering is and how to not fall victim to it
  • Never using free public Wi-Fi
  • Why not to plug random USB drives into your PC
  • Proper password management
  • The importance of applying updates and patches

Second, you need to share this information in ways your employees will enjoy and engage with. Instead of a PowerPoint lecture, consider videos and interactive training. Mix in some humor and entertainment value for good measure. Don’t let cybersecurity awareness training become something employees dread.

If you’re ready to kick your employee training into gear, we can help you evaluate, select, and deploy the right training program for your organization. But first, you’ll need to take a closer look at your current state of cybersecurity.

How Prepared Are You and Your Employees?

Is your team trained on what to look out for in the event of a cyberattack? You don’t have to wait until you experience a threat to find out! 

We offer a free cybersecurity risk assessment tool that asks key questions about important topics, such as security awareness, software, defenses against malware infection and more. Click the link below to take the quick and convenient assessment, and we’ll be in touch with possible next steps on how you can ensure you’re as airtight on your cybersecurity as possible.


