Methodology

Continuous Education Yields Measurable Results

Have you given thought to why presentations, videos, and simple slides aren’t terribly effective tools when it comes to knowledge retention? We certainly have. And we believe that while these formats are appropriate methods for informing users, they aren’t engaging enough to truly educate users.

Now consider the industry research that has shown that once-a-year classroom and video training is not effective in the battle against cyber-attacks. Put these two elements together, and you’ll start to get a sense of why our Continuous Training Methodology is based on a cyclical approach that both informs users about best practices and teaches users how to employ these practices when they face security threats. Some of our customers have seen a marked reduction in susceptibility in as few as two months, and our continuous training approach allows you to capitalize and build on this initial rise in awareness, effectively changing behaviors over time.

Assess, Educate, Reinforce, Measure

A continuous cycle of assessment, education, reinforcement, and measurement maximizes learning and lengthens retention. Our methodology sits in strong contrast to a “one and done” approach, giving you the flexibility to evolve your program over time, identify areas of susceptibility, and deliver targeted training when and where it’s most needed.

Our customers have experienced up to a 90% reduction in successful external phishing attacks and malware infections using this four-step approach to security awareness and training:

1. Assess – An important first step to a comprehensive security awareness and training program is to evaluate your employees’ knowledge and your organization’s susceptibility. We offer customizable assessments and simulated attacks (e.g., mock phishing emails), as well as Teachable Moments that provide tips and practical advice for employees who fall for mock phishing, smishing, and USB attacks. These brief exercises explain the dangers of actual attacks and help motivate employees to participate in follow-up training.
2. Educate – Our interactive training modules are the key to educating your employees about security threats in the workplace and beyond. These 10- to 15-minute modules give users the opportunity to understand the types of risks they might encounter and recognize how their actions can have a positive impact on the safety and security of corporate and personal assets. Our Auto-Enrollment feature allows you to automatically assign training to employees who fall for simulated phishing attacks and those users who don't exhibit a desired level of proficiency on Predefined CyberStrength^® assessments.
3. Reinforce – Our Security Awareness Materials — a library of images, posters, articles, and gifts — help you emphasize best practices and positive behaviors within your workplace. By making these message more visible and more recognizable, you reinforce your training and help employees retain their knowledge.
4. Measure – We feel the most effective training program is one that is flexible enough to adapt and change according to your needs. That’s why measurement is so important. Our approach allows you to gather powerful analytics about your organization’s strengths and weaknesses, evaluate results, and plan future training accordingly prior to repeating the four-step cycle.