By starting a security awareness training program, any organization can strengthen security through end-user training in as little as three months. According to the KnowBe4 statistics below (Source 1):
- After 90 days, the average phish-prone percentage (PPP) was cut almost in half, from 32.4% to 17.6%.
- After one year, the average PPP went from 32.4% all the way down to 5%.
- After one year, there was an 85% average improvement rate from baseline testing.
Does security awareness training work?
Employees need specific, ongoing training to help protect company information and stay safe online. After following a security awareness training program, your company can:
- Reduce clicking on scam emails.
- Test and train employees continually with phishing simulations and with decisions on how to handle these situations.
Why phishing is dangerous
Phishing is the #1 way companies are compromised, and security awareness training helps minimize this threat. Phishing is a type of social engineering in which attackers send malicious emails designed to trick people into falling for a scam.
Popular phishing forms
- Spoofing: a person or program attempts to send emails to your associates using an address similar to your own.
- Impersonation: emails coming into your environment that claim to be from a manager or another publicly known employee and request that a payment be made or a vendor address be changed.
- Malware/viruses: malicious emails may have attachments or links that, when clicked, will install a virus or redirect the victim to a false website or access page.
Tips to mitigate phishing
- Always stop and think before you click links and attachments.
- Be very cautious when clicking unsubscribe links in spam emails, as they are often malicious, and never open an attachment that you receive from an unknown source or that you weren't expecting.
How to implement a security awareness training program
Contact firstname.lastname@example.org to discuss reducing phishing within your company with a security awareness training program.
1- KnowBe4 Phishing by Industry Benchmarking Report 2022 Edition: https://blog.knowbe4.com/knowbe4-2022-phishing-by-industry-benchmarking-report