Employee Security Training: We do it too!

At ONE 2 ONE, we talk a lot about employee security training. Cybersecurity training is one of the first things we launch for our clients. Since 95% of data breaches are caused by human error, you can see why the training is a strategic piece of any good cybersecurity plan.

We walk the walk, too. All employees must take cybersecurity training and are encouraged to continue training. It’s important to remember, cybersecurity training is not a set-it-and-forget type of training.

Hi, my name is Chuck. I work in the sales and marketing department at ONE 2 ONE. In today’s post, I want to share how employees at ONE 2 ONE use cybersecurity training plus show you my employee security score. The goal is to show you the benefits of security awareness training and understand that you can roll it out in a fun way.

Fun Fact:

We use the same employee security training program we recommend to clients!

Security Awareness Training Topics

Employee training has to be engaging or your team will lose interest fast. That’s why we us engaging video-based case studies, that teach employees how to protect Personally Identifiable Information (PII), what real-life threats target them, and best practices for avoiding mistakes that could lead to detrimental consequences for the organization.

Employees learn what PII and sensitive company data are, where this data is located, and how they can do their part in helping protect this data. For this reason, training covers who cybercriminals are targeting, focusing on the theme that all businesses are a target.

In addition, employee security training discusses what causes most data breaches. Our training course educates staff on cybercriminals’ tactics to trick their victims. Some topics include phishing, password reuse, and more! Then, employees learn what to do if they suspect a data breach and learn about policies and procedures.

Baseline Employee Assessment

Like any good employee security training, you must understand where your team currently stands. Without a baseline, you have no idea what needs improvement and what areas are already strong. A Baseline Employee Assessment is a tool designed to evaluate employees’ and companies’ cybersecurity awareness levels.

Six categories of questions are considered:

General Cybersecurity Knowledge
Phishing Awareness
Password Hygiene
Handling PII (Personal Identifiable Information)
Social Media
Working Remotely

Sixty questions across these categories are provided to employees for the assessment. The results and the overall time taken to complete the evaluation are recorded. ONE 2 ONE has a designed administrator to monitor the results and the assessment report.

Assessment Report

The Assessment Report provides the average scores across all the employees within the company. The scores are shown out of 100 points for each category. A higher score indicates more awareness in that category. What’s great about the baseline cybersecurity scores, is that they can tell a company’s preparedness for a cybersecurity attack.

A goal of a well-rounded staff across the reporting categories should be strived for, but baseline results allow deficiencies to be identified and remediated. A company administrator should carefully review the results of this assessment to determine proper security training paths for the overall company and any specific employee security training requirements for an individual user.

Company Review Averages

Three stats track the overall performance of the company: overall cybersecurity score, average time of completion, and average score across sections.

Below is an example of what your averages could look like.

**Example of Results from Employee Security Training**

What is an ESS? (Employee Secure Score)

Besides the company being measured, individuals are measured too. Your Employee Secure Score (ESS) measures your security strength. Think of your ESS like a FICO credit score, but instead of measuring your creditworthiness, your ESS measures your personal security strength!

What Improves or Decreases Your ESS?

You can improve your ESS by setting up your user profile, completing annual training, acknowledging company policies and procedures, watching your weekly micro-training videos, and doing well on the subsequent quizzes.

Your ESS is negatively impacted when you fail a simulated phishing test, your company email is identified in a dark web breach, you do poorly on a weekly micro training quiz, or you fail to complete any of the items listed in the “What Improves Your ESS” section.

Your Portal Includes Ongoing Micro Trainings. Watch one today and boost your ESS!

**A List of Micro Trainings Inside the Portal**

The Leaderboard: Gamifying Employee Security Training

Now for the fun part! You and your team can compete by facing off for the top spot on the leaderboard! Who will have the highest ESS in your company and win bragging rights as the cybersecurity champion?

Currently, my ESS is 706 out of 800. I’m in 13th place among my colleagues, but I’m catching up to that number-one spot fast!

Employee Certification and Ongoing Training

Following the online employee security training course, employees will put their knowledge to the test with a 20-question quiz. A passing quiz score (80% or higher) will provide the employee with a certificate of completion. The documentation portal houses your organization’s training records and certificates for simplified tracking and quick reference.

Cybercriminals continue advancing their tactics, so staying current on threats and best practices is critical. An ongoing cybersecurity training program makes training continuous and easy. It combats your organization’s top human vulnerabilities with weekly videos, in-email phishing training, simulated phishing tests, dark web monitoring, an Employee Vulnerability Assessment, and more!