Cyber Security Awareness Training provides many benefits for small businesses, including increased diligence and recognition of obvious scams.
However, it can also have drawbacks. Conducted too infrequently, it loses its effectiveness; conducted too often, it becomes just another irritant in the workday that employees ignore.
Automated security awareness training systems don’t develop a culture of Cyber Security in an office, either, as they become individual “tests” rather than shared experiences. But that’s a topic for another blog.
So, how often should you test your team’s Cyber Security awareness to keep their diligence up? According to one study, training every four months is the “sweet spot” that produces the most consistently positive results in IT security testing.
Why Is Cybersecurity Awareness Training Recommended Every 4 Months?
Where does this four-month recommendation come from? A study presented at the USENIX SOUPS security conference looked at users’ ability to detect phishing emails versus training frequency.
Employees took phishing identification tests at several different time increments:
- 4 months
- 6 months
- 8 months
- 10 months
- 12 months
The study found that after four months, training scores remained good. Employees could still accurately identify and avoid clicking on phishing emails. But after six months, their scores started to drop. Scores continued to decline the more months that passed between trainings.
To stay well prepared, employees need refresher training on security awareness. This will maintain their diligence against phishing emails, phone calls, and the many other social engineering tricks hackers throw at them.
Need Help Keeping Your Team Trained on Cyber Security?
Develop a culture of Cyber Security in your organization with the complete Cyber Security Awareness Training program at Threatucation. Call 302-537-4198, email firstname.lastname@example.org, or submit our Contact form.