At ONE 2 ONE, we talk a lot about employee security training. Cybersecurity training is one of the first things we launch for our clients. Since 95% of data breaches are caused by human error, you can see why the training is a strategic piece of any good cybersecurity plan.
We walk the walk, too. All employees must take cybersecurity training and are encouraged to continue training. It’s important to remember, cybersecurity training is not a set-it-and-forget type of training.
Hi, my name is Chuck. I work in the sales and marketing department at ONE 2 ONE. In today’s post, I want to share how employees at ONE 2 ONE use cybersecurity training plus show you my employee security score. The goal is to show you the benefits of security awareness training and understand that you can roll it out in a fun way.
Security Awareness Training Topics
Employee training has to be engaging or your team will lose interest fast. That’s why we us engaging video-based case studies, that teach employees how to protect Personally Identifiable Information (PII), what real-life threats target them, and best practices for avoiding mistakes that could lead to detrimental consequences for the organization.
Employees learn what PII and sensitive company data are, where this data is located, and how they can do their part in helping protect this data. For this reason, training covers who cybercriminals are targeting, focusing on the theme that all businesses are a target.
In addition, employee security training discusses what causes most data breaches. Our training course educates staff on cybercriminals’ tactics to trick their victims. Some topics include phishing, password reuse, and more! Then, employees learn what to do if they suspect a data breach and learn about policies and procedures.
Baseline Employee Assessment
Like any good employee security training, you must understand where your team currently stands. Without a baseline, you have no idea what needs improvement and what areas are already strong. A Baseline Employee Assessment is a tool designed to evaluate employees’ and companies’ cybersecurity awareness levels.
Six categories of questions are considered:
Sixty questions across these categories are provided to employees for the assessment. The results and the overall time taken to complete the evaluation are recorded. ONE 2 ONE has a designed administrator to monitor the results and the assessment report.
The Assessment Report provides the average scores across all the employees within the company. The scores are shown out of 100 points for each category. A higher score indicates more awareness in that category. What’s great about the baseline cybersecurity scores, is that they can tell a company’s preparedness for a cybersecurity attack.
A goal of a well-rounded staff across the reporting categories should be strived for, but baseline results allow deficiencies to be identified and remediated. A company administrator should carefully review the results of this assessment to determine proper security training paths for the overall company and any specific employee security training requirements for an individual user.
Company Review Averages
Three stats track the overall performance of the company: overall cybersecurity score, average time of completion, and average score across sections.
Below is an example of what your averages could look like.
What is an ESS? (Employee Secure Score)
Besides the company being measured, individuals are measured too. Your Employee Secure Score (ESS) measures your security strength. Think of your ESS like a FICO credit score, but instead of measuring your creditworthiness, your ESS measures your personal security strength!
What Improves or Decreases Your ESS?
You can improve your ESS by setting up your user profile, completing annual training, acknowledging company policies and procedures, watching your weekly micro-training videos, and doing well on the subsequent quizzes.
Your ESS is negatively impacted when you fail a simulated phishing test, your company email is identified in a dark web breach, you do poorly on a weekly micro training quiz, or you fail to complete any of the items listed in the “What Improves Your ESS” section.
Your Portal Includes Ongoing Micro Trainings. Watch one today and boost your ESS!
The Leaderboard: Gamifying Employee Security Training
Now for the fun part! You and your team can compete by facing off for the top spot on the leaderboard! Who will have the highest ESS in your company and win bragging rights as the cybersecurity champion?
Currently, my ESS is 706 out of 800. I’m in 13th place among my colleagues, but I’m catching up to that number-one spot fast!
Employee Certification and Ongoing Training
Following the online employee security training course, employees will put their knowledge to the test with a 20-question quiz. A passing quiz score (80% or higher) will provide the employee with a certificate of completion. The documentation portal houses your organization’s training records and certificates for simplified tracking and quick reference.
Cybercriminals continue advancing their tactics, so staying current on threats and best practices is critical. An ongoing cybersecurity training program makes training continuous and easy. It combats your organization’s top human vulnerabilities with weekly videos, in-email phishing training, simulated phishing tests, dark web monitoring, an Employee Vulnerability Assessment, and more!
Employee Security Training
ONE 2 ONE uses PII Protect Training for our employees and our clients. PII Protect Training is a cloud-based security portal offering online training that employees complete at their own pace.
The training courses are made up of interactive and engaging videos, and once the primary training is complete, employees receive a certificate. But training doesn’t end there. Ongoing training includes security tips, reminders, and mini courses to keep teams informed.
If you’d like to learn more about employee cybersecurity training for your team or you’re already using the platform and have questions, contact us today.
Stay ahead of the threats—subscribe to the newsletter.
Essential cybersecurity insights for business leaders, delivered to your inbox.