Top 3 Reasons You Need Cyber Security Awareness Training

October is National Cyber Security Awareness month. In celebration, we wanted to put out a quick blog post here about why regular cyber security awareness training is important.

While a talented 24/7 security operations center using good technological tools can prevent the vast majority of threats, your people outside of IT security play a critical role on the front lines of your company’s IT security efforts.

Here’s an analogy: how good is your home security system if you invite a criminal into your home?

Not good at all. Immediately, all security goes out the window. It’s no different with cyber security.

To use another analogy, let’s look at the medical model as applied to cyber security. You are going to come across bugs and viruses. It’s a fact of life. But it doesn’t mean you shouldn’t use good hygiene. The same applies to IT security. You should not just accept that hacks and breaches are going to happen; you should combat them and use good cyber hygiene.

Why You Need Cyber Security Awareness Training

The mantra among advanced cyber security experts for years has been “defense in depth, defense in depth.” Even with the greatest people and technology in place, the weakest link in your organization, when it comes to its IT security, is your own employees.

There are three main reasons why you need security awareness training:

  1. Regulatory Requirements

Let’s look at the first reason, regulatory requirements. If your company falls under any regulatory requirements, find out what’s needed from an IT security standpoint. If your company falls under GLBA, PCI, HIPAA or Sarbanes-Oxley, you will need some element of security awareness training.  Regulations requiring security awareness training understand that people are a weak link in IT security.

  2. The Vanishing Perimeter (Thanks to Bring Your Own Devices policies).

The inherent vulnerability the human element entails is further compounded by companies, in an effort to reduce costs, allowing employees to bring their own computing devices to work (BYOD).  BYOD, which we don’t recommend, along with the Internet of Things is responsible for the vanishing perimeter, which refers to your network being less defensible because people in your company are using devices and connections that are not under your security posture. The prevalence of the vanishing perimeter places an even greater emphasis on proper cyber hygiene, which can be taught by a good security training program.

  3. Constant Changes in the Threat Landscape

Finally, you and your team have to stay on top of the latest cyber threats out there that look to exploit the human element, especially social engineering attacks. For example, spam and email phishing rates decreased last year while manually shared social media scams increased from 2% to 80% in the same time frame.

Ready for some scary statistics?  Let’s look just at spear-phishing attempts in 2014:

  • 34% of spear phishing attacks are aimed at small businesses
  • 25% of spear phishing attacks are aimed at medium sized businesses
  • 41% of spear phishing attacks are aimed at large enterprises

And the number of breaches is only projected to go up.

SIDENOTE: Our friends at the Infosec Institute have developed a sneaky little app that lets you conduct mock phishing attempts against your colleagues over at Go ahead, test your coworkers … but don’t tell them it was my idea – tell them it was yours.

The threat landscape changes constantly and security awareness is a perishable skill. What your employees implement a few weeks after training can be forgotten. They may also become complacent.

Look at this handy chart from our friends at The Infosec Institute:

Chart from the InfoSec Institute


Regular training resulted in an 80%+ increase in average retention rates. This can be the difference between keeping any personally identifiable information (PII) or sensitive data secure and being the victim of a data breach.

Even if you’re convinced you need to increase your investments in cyber security awareness training, you may still need to convince your colleagues, executives, or board members of its importance.

Prevention goes a long way and good cyber hygiene prevents breaches. Training your employees on good cyber hygiene prevents them from being breached at home, which may impact them at work. A more secure world creates a safer world for business … especially your business.

5 Responses to Top 3 Reasons You Need Cyber Security Awareness Training

  1. I think it’s very interesting that the weakest link in IT security is your employees. I have noticed that there are a lot of threats for information online, and always wondered how companies deal with it. I think it’s great that they are starting to train their employees to do more.

  2. I would like to commend the author for this article. It has been said that Digital Security is a shared responsibility of all employees within an organization.

    As businesses move their shops to the internet and start to do transactions online, security becomes a responsibility of everyone in the organization. In the case of our company, we had our employees undergo online digital awareness training under Career Academy to further improve their awareness of the risks of cyberattacks. The added knowledge increases our confidence in minimizing opportunities for external threats to infiltrate our online shop.

    Kudos to the author.

  3. Employees are the front line of defense; in this day and age it should be common sense to teach them about cyber dangers. If anyone needs a list of companies to check out, the most popular are Wombat, KnowBe4 (my favorite), SANS Securing the Human, and PhishMe.

Copyright © 2018