{"id":9852,"date":"2024-04-02T07:01:08","date_gmt":"2024-04-02T11:01:08","guid":{"rendered":"https:\/\/joindeleteme.com\/?p=9852"},"modified":"2024-06-13T08:45:12","modified_gmt":"2024-06-13T12:45:12","slug":"end-user-security-awareness-training","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/end-user-security-awareness-training\/","title":{"rendered":"End User Security Awareness Training\u00a0"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#what-is-end-user-security-awareness-training\">What Is End User Security Awareness Training?<\/a><\/li><li><a href=\"#why-is-end-user-security-awareness-training-important\">Why Is End User Security Awareness Training Important?<\/a><\/li><li><a href=\"#what-does-end-user-security-awareness-training-look-like\">What Does End User Security Awareness Training Look Like?\u00a0<\/a><\/li><li><a href=\"#key-aspects-of-end-user-security-awareness-training\">Key Aspects of End User Security Awareness Training\u00a0<\/a><\/li><li><a href=\"#why-end-user-security-awareness-training-is-not-foolproof\">Why End User Security Awareness Training Is Not Foolproof\u00a0<\/a><\/li><li><a href=\"#how-to-reduce-the-risk-of-personal-information-attacks\">How to Reduce the Risk of Personal Information Attacks<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>In this guide, we\u2019ll explain what end user security awareness training is and what it looks like for a typical organization.&nbsp;<\/p>\n\n\n\n<p>We\u2019ll also discuss why training alone isn\u2019t effective and what companies can do to reduce the likelihood that their end users will be targeted in attacks.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is-end-user-security-awareness-training\">What Is End User Security Awareness Training?<\/h2>\n\n\n\n<p>End-user security awareness training is a training program that educates \u201cend users\u201d 
(typically company employees or organization members) about security.&nbsp;<\/p>\n\n\n\n<p>The goal is to inform users about cyber threats and teach them how to protect themselves and their organization.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-is-end-user-security-awareness-training-important\">Why Is End User Security Awareness Training Important?<\/h2>\n\n\n\n<p>By educating their workforce about their role in cybersecurity, organizations can significantly mitigate the risk posed by human error, which is <a href=\"https:\/\/inquest.net\/wp-content\/uploads\/2023-data-breach-investigations-report-dbir.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">one of the biggest sources<\/a> of data breaches.\u00a0<\/p>\n\n\n\n<p>While some security incidents happen due to negligence, like employees sending sensitive emails to the wrong recipient, criminals also use psychological manipulation to get end users to make security mistakes or share confidential information.&nbsp;&nbsp;<\/p>\n\n\n\n<p>These manipulations often come in the form of phishing and business email compromise (BEC) attacks. 
In 2023, <a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/threat-reports\/pfpt-us-tr-state-of-the-phish-2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">73%<\/a> of companies were targeted by BEC attacks, and <a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/threat-reports\/pfpt-us-tr-state-of-the-phish-2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">74%<\/a> were targeted by spear phishing emails.\u00a0<\/p>\n\n\n\n<p>When employees receive these often convincing communications, it can be difficult to determine if they\u2019re real or fraudulent.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"582\" height=\"322\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/pasted-image-0-55.png\" alt=\"Twitter\/X post from a security expert who got phished \" class=\"wp-image-9853\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/pasted-image-0-55.png 582w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/pasted-image-0-55-300x166.png 300w\" sizes=\"(max-width: 582px) 100vw, 582px\" \/><\/figure>\n\n\n\n<p>That\u2019s where security awareness training comes into play &#8211; it can teach employees how to recognize fraudulent messages and potentially malware- or ransomware-laden attachments, along with techniques for improving their overall security, like using strong passwords and backing up data.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-does-end-user-security-awareness-training-look-like\">What Does End User Security Awareness Training Look Like?&nbsp;<\/h2>\n\n\n\n<p>End user security awareness training is often conducted through a mixture of online courses, quizzes, workshops, regular updates, and practical exercises.&nbsp;<\/p>\n\n\n\n<p>The specific type of training and the formats involved differ depending on the needs and vulnerabilities of the organization.<\/p>\n\n\n\n<p>For example, some 
companies provide security advice daily through platforms regularly used by employees (such as Slack or Teams). According to CybSafe, <a href=\"https:\/\/www.cybsafe.com\/press-releases\/only-1-in-10-workers-remembers-all-their-cyber-security-training\/\" target=\"_blank\" rel=\"noreferrer noopener\">79%<\/a> of office workers responded favorably to this delivery method, while a full <a href=\"https:\/\/www.cybsafe.com\/press-releases\/only-1-in-10-workers-remembers-all-their-cyber-security-training\/\" target=\"_blank\" rel=\"noreferrer noopener\">90%<\/a> prefer to receive reminders through instant messaging apps. Using this method of frequent reminders (either daily or weekly) can double employees\u2019 retention of their security training compared to those who receive it less frequently.\u00a0<\/p>\n\n\n\n<p>Your organization may make the training <a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/from-snooze-to-enthuse-security-awareness-training-that-sticks\" target=\"_blank\" rel=\"noreferrer noopener\">role appropriate<\/a> by highlighting the risks affecting specific teams or departments. 
This is especially important if your organization handles sensitive data, as some team members will need more targeted training to learn the policies behind information security.<\/p>\n\n\n\n<p>To determine what kind of training is appropriate for each department, ask yourself what technologies are used by employees within the department on a day-to-day basis and what threats or scams they\u2019re likely to face.&nbsp;<\/p>\n\n\n\n<p>If you <a href=\"https:\/\/www.csoonline.com\/article\/557879\/awareness-training-how-much-is-too-much.html\" target=\"_blank\" rel=\"noreferrer noopener\">make training relevant<\/a> to what they\u2019re doing, employees will be more likely to retain the information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"key-aspects-of-end-user-security-awareness-training\">Key Aspects of End User Security Awareness Training&nbsp;<\/h2>\n\n\n\n<p>While specific components of a cybersecurity awareness training program will vary, common training modules will likely overlap for all involved.<\/p>\n\n\n\n<p>With <a href=\"https:\/\/engage.spycloud.com\/rs\/713-WIP-737\/images\/spycloud-report-2022-annual-identity-exposure-report.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">many people<\/a> reusing previously compromised passwords, password security is a critical module to include. At the very least, it should teach employees how to create strong passwords that don\u2019t contain easy-to-remember words, encourage everyone to change compromised credentials and enable multi-factor authentication.<\/p>\n\n\n\n<p>Social engineering\/phishing training is another important component, as phishing attacks are <a href=\"https:\/\/www.digit.fyi\/over-1-in-10-business-leaders-dont-know-if-theyve-been-hacked\/\" target=\"_blank\" rel=\"noreferrer noopener\">among the most common causes<\/a> of data breaches. 
This module can cover everything from mass phishing campaigns to spear phishing and BEC attacks.\u00a0<\/p>\n\n\n\n<p>Other common training topics include physical security, sensitive information handling, mobile device security, remote work security, and incident reporting.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-end-user-security-awareness-training-is-not-foolproof\">Why End User Security Awareness Training Is Not Foolproof&nbsp;<\/h2>\n\n\n\n<p>Regardless of how well you design your end user security awareness training program (or how often you provide it), remember that employee training is not foolproof.<\/p>\n\n\n\n<p>Part of it comes down to convenience. <a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/threat-reports\/pfpt-us-tr-state-of-the-phish-2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Last year, 71%<\/a> of <em>trained <\/em>employees admitted to taking risky actions, and 96% of them were <em>fully aware<\/em> that their actions were risky.\u00a0<\/p>\n\n\n\n<p>Even knowing that what they\u2019re doing is potentially dangerous isn\u2019t always enough to stop employees from carrying out that action anyway. It\u2019s one thing knowing you need to stop using weak credentials. It\u2019s quite another to start creating strong passwords you probably won\u2019t remember.&nbsp;<\/p>\n\n\n\n<p>Psychologist Bec McKeown acknowledges this, <a href=\"https:\/\/www.securityweek.com\/security-awareness-training-isnt-working-how-can-we-improve-it\/\" target=\"_blank\" rel=\"noreferrer noopener\">writing<\/a>:\u00a0<\/p>\n\n\n\n<p><em>\u201cWhat people don\u2019t realize is that psychologically there is no direct link between awareness and behavior change. Most people believe that if you make people aware, they will do something about it. That is not true.\u201d<\/em><\/p>\n\n\n\n<p>You also can\u2019t train against everything. 
Given how tailored social engineering attacks can be, it can be impossible for employees to make a connection between a phishing simulation and a real-world spear-phishing attack.&nbsp;<\/p>\n\n\n\n<p>Organizations looking to minimize the possibility of data breaches and cybercrime should consider going beyond training programs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-reduce-the-risk-of-personal-information-attacks\">How to Reduce the Risk of Personal Information Attacks<\/h2>\n\n\n\n<p>Cybercriminals use employee personal information to personalize their phishing emails, guess their account credentials, and impersonate them in BEC attacks.&nbsp;<\/p>\n\n\n\n<p>Security awareness training can educate employees about these personal information threats, but it can\u2019t guarantee that employees will be able to spot them in real time.&nbsp;<\/p>\n\n\n\n<p>Rather than expecting employees to be able to catch these kinds of threats, it\u2019s better to reduce the amount of ammunition (employee data) criminals can get their hands on. The best way to do that is through online footprint reduction.&nbsp;<\/p>\n\n\n\n<p>Shrinking your online footprint generally involves several steps, including changing privacy settings on social media, limiting the amount of information posted on any public channel, and opting out of data brokers.<\/p>\n\n\n\n<p>Data brokers, in particular, are a growing concern. They are companies that collect information about people and then sell it in the form of comprehensive profiles to anyone who wants them. 
<a href=\"https:\/\/www.varonis.com\/blog\/contileaks\" target=\"_blank\" rel=\"noreferrer noopener\">Cybercriminals use<\/a> data brokers to find targets and contacts to \u201cname drop\u201d in social engineering attacks.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1021\" height=\"1024\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/media-46-1-1-1021x1024.png\" alt=\"B2B data broker profile\" class=\"wp-image-9855\" style=\"width:532px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/media-46-1-1-1021x1024.png 1021w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/media-46-1-1-300x300.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/media-46-1-1-150x150.png 150w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/media-46-1-1-768x770.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/04\/media-46-1-1.png 1412w\" sizes=\"(max-width: 1021px) 100vw, 1021px\" \/><\/figure>\n\n\n\n<p>While it is possible to manually opt out of data brokers, employees would need to opt out of multiple brokers and do so repeatedly (brokers reactivate profiles when they find more information).&nbsp;<\/p>\n\n\n\n<p>Alternatively, organizations can sign their employees up for a <a href=\"https:\/\/business.joindeleteme.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">data broker removal service such as DeleteMe<\/a>, leaving the opting-out process in the hands of data professionals.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we\u2019ll explain what end user security awareness training is and what it looks like for a typical organization.&nbsp; We\u2019ll also discuss why training alone isn\u2019t effective and what companies can do to reduce the likelihood that their end users will be targeted in attacks.&nbsp; What Is End User Security Awareness Training? 
End-user [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":9856,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[45],"class_list":["post-9852","b2b-post","type-b2b-post","status-publish","format-standard","has-post-thumbnail","hentry","b2b-category-resources"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/9852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/14"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/9852\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media\/9856"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=9852"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=9852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}