Two-thirds of organizations were compromised in the past 12 months
Just 48% report their infrastructure is well equipped to fight ransomware
Only 36% are confident in their employee security awareness training program

That means about half of security practitioners will be up late tonight, counting vulnerabilities instead of sheep as they look for ways to fill the growing gap in their security perimeter. With only 36% of professionals confident in their employee awareness training program, the good news is there’s considerable room for improvement in enterprise security education and employee preparedness.

Avoid These Common Security Awareness Training Pitfalls

While the Osterman report found most organizations offer some form of security awareness training (huzzah!), just 26% of employees receive training more than four times a year. When you consider 6.4 billion fake emails are sent every day, it’s no surprise so few security pros are confident in their organizations’ employee awareness programs. Beyond training frequency, Osterman points to several other reasons why employees might not be buying what your organization’s security awareness training program is selling:

Irrelevant training content
Multiple topics covered per session instead of one topic per session
Boring, dry training

Effective Security Awareness Training: The Missing Layer in Your Security Strategy

A layered approach to security is no longer just a best practice — it’s critical to the health of any organization. Adding a layer of awareness training to your security strategy will provide extra protection against malicious content circumventing your security controls.

Osterman recommends implementing frequent, effective awareness training to thwart attacks targeting your employees. Download their free guide for 12 awareness training best practices you can implement now to increase employee training engagement and retention.

Infosec IQ Security Awareness Training: The Right Training at the Right Time

Infosec IQ by Infosec personalizes the awareness training experience based on your employees’ roles and security aptitudes. This fully automated SaaS solution delivers training dictated by your program design and individual employee training performance, as well as their involvement in events blocked by your endpoint protection software — making it easy to implement Osterman Research’s 12 awareness training best practices in your program. The Infosec IQ training resources library also includes thousands of training modules and phishing simulations, ensuring employee awareness training is always relevant, fun and fresh.