
Security Awareness Training: Don’t let an employee ruin your day

Security Awareness Training is a critical part of your organization’s cybersecurity plan

You’ve set up your organization’s cybersecurity—considering firewall, anti-virus, DNS and web filtering, your wireless network… and on and on. You’ve made all the difficult IT security decisions to protect your business, but just one well-meaning employee who clicks one malicious link in one little email can open the door for a hacker to defeat all your defenses.

As a small business, you’re not likely to get targeted. Right?


Hackers look for the easiest targets, and small organizations with limited IT budgets are more likely to fall prey to a cyber attack than a big enterprise. According to the Verizon Data Breach Investigations Report, more than three-quarters of the companies targeted by malicious hackers are small.

Don’t worry. That doesn’t mean you need to double your IT budget.

Protecting your users by teaching them how to avoid email attacks will make a difference right away.

Email is a hacker’s favorite weapon. Symantec reports that more than 400 businesses are targeted by spear-phishing emails every day. And those emails often look very real to an untrained reader.

What is security awareness training? How does it work?

Security Awareness Training is a program designed for non-technical computer users that trains them to spot the signs of a malicious email—so they don’t click a link that could ruin everyone’s day.

Security Awareness Training can also cover topics like password security, safe web browsing, and mobile device security so your employees stay up-to-date and vigilant about protecting their organization. And because cybersecurity threats change all the time, the training modules are updated regularly by expert cybersecurity teams. The program is automated: it regularly tests employees through simulated phishing campaigns and reminds them to take new training as it’s released.

When an organization adds Security Awareness Training to its IT services, the very first step is a simulated phishing attack to get a baseline score of the company’s “phish prone” percentage. Most of our clients are surprised at how many of their users click phishy links. Then the training begins.

How do we know it works?

I spoke with one of our clients in Charlotte whose phish-prone percentage started at 34% and dropped to just 6% after beginning Security Awareness Training. He shared that his end-users now forward him suspicious emails from vendors or customers that don’t seem legitimate. And in many cases when they have followed up, the email was the result of a hacker. He says the frequency of the training test emails keeps his users ready and alert all year.

One of our Raleigh-based clients saw their phish-prone percentage fall from 51% to 2% after beginning the training. As a recruiting firm, their end-users send and receive a LOT of email. When Personify started the program, none of their users wanted to end up as the one person to fall for a phishing email. The whole organization really got into it, and their results show it. Personify users still forward suspicious emails to get checked out, staying constantly vigilant.

Security awareness training may be the missing piece to your cybersecurity preparation.

Reach out to your WorkSmart Account Manager or contact our sales team at [email protected] for more information.