How to educate your employees about cyberthreats

January 18, 2019

Security Awareness (corporate cybersecurity training for employees) is perhaps the most in-demand area of the IT market. Companies understand perfectly well that mistakes by employees account for the majority of all incidents, and that the situation can be fixed only with the help of competent, effective training.

However, most awareness programs were made to meet the demands of enterprise customers. They are complicated and inflexible. Smaller business requires something different. Something like an online service that effectively boosts the cyberawareness of employees without requiring excessive resources. That is why we have launched our new Automated Security Awareness Platform, a solution designed primarily for SMB customers, but appropriate for large companies as well.

The main idea behind this platform is that employees should connect with the training — mainly because the information is not just theoretical but is related to their everyday work. Training sessions consist of short, interesting, and varied tasks. And when people enjoy what they learn, they learn effectively. Important: We apply the principle of microlearning — all lessons are very short (from 1 to 5 minutes), and each lesson develops a specific cybersecurity skill. For example, when studying the module “E-mail: Entry Level,” employees form 13 specific skills — and spend just 30 minutes learning them.

We base our training on more than our cybersecurity expertise — we also bring expertise in humans, behavioral psychology, and the science of learning and information absorption. For example, we base our topic repetition on the forgetting curve.

How does it work?

Training is very easy to launch, configure, and monitor: The platform is fully automated, so there’s no need for a manager to personally create a timetable for each employee, assign tasks, and so on. You can simply download the list of users, divide them into groups using simple rules, and start the training.

Setting a goal

You can specify a training target level for each group, rather than try to teach everyone everything. For example, if your designers don’t have access to highly confidential information, why waste their time teaching them complex protection procedures or the technical aspects of cybersecurity? Assign them entry level training, which will ensure the formation of key skills, protect the company and employees from the most common types of attacks — and use their time judiciously.

Creating a training plan

Actually, the platform automatically creates a training plan for every group of employees. Everyone studies according to their level of risk, learning speed, vacations, holidays, and so forth.

The training course covers all relevant aspects of cybersecurity. It currently includes six key topics, with four more appearing throughout 2019:

  • Websites, links, and the Internet
  • E-mail security and antiphishing protection
  • Passwords and accounts
  • Social networks and instant messengers
  • PC security
  • Mobile security
  • Protection of confidential data
  • Social engineering
  • Personal information and GDPR
  • Security outside the office

Each topic is divided into several levels of complexity (from “Beginner” to “Advanced”), and from the first days of training, employees begin acquiring strong, specific skills for working in a digital environment.

The platform guarantees consolidation of knowledge. Any knowledge can be quickly lost if not refreshed from time to time. Regular reinforcement is embedded in the platform. The topics also intersect — when studying the topic “Social networks,” users will recall previous tips for working with passwords, links, and so on, so that the acquired knowledge and skills will not fade away in a couple of weeks. Furthermore, we help them to develop “pattern perception”: Employees can then recognize new dangers and behave safely, even when faced with unknown future threats.

Reporting and benchmarking

On the main page of the customer’s interface, key reports are displayed that immediately highlight “underachievers,” showing the reasons for the holdup, and if necessary, sending a motivating or warning message (the platform contains templates).

How to start using the platform

The platform is already available in English, German, Italian, Russian, French, and Spanish, and we plan to add Arabic and Dutch languages this year.

To learn more about the Kaspersky Automated Security Awareness Platform and for a free trial, please visit our corporate website.

You will need just a few moments to start using this platform thanks to the self-registration process, which does not require sending requests, waiting for answers, and so on. Simply register, add users, divide them into groups, and set a start date. The platform takes care of the rest.