There are many product companies and service providers offering Security Awareness Training services. In fact, just today ControlScan announced its broadened Security Awareness Training Service.
Of course when you have a plethora of options, it can be challenging to zero in on the right service provider. Quality of courses offered is the primordial thing to consider when you make a vendor selection. Ask for sample course materials and run through the course(s) yourself before making a decision that will impact all employees.
Researching Security Awareness Training
With the above comes an essential set of questions to ask when researching Security Awareness Training programs and their providers:
Do the course materials satisfy all the security policy requirements of your company?
Can you customize certain content if necessary? Can you segment the course materials to assign appropriate sessions to an individual or a group based on their job functions?
How is the training content delivered?
On demand via the Internet? In person with an external trainer? Or is your company expected to dedicate an internal resource to execute the training? (Note that if the training isn't available on demand then you won't be able to run the program on a continual, as-needed basis. This is important because new employees may have to wait for training and current employees may miss a session due to a scheduling conflict or illness.)
What does the training look like?
Will the training look like it came from your organization (to offer a sense of identity to employees) or will it be branded according to the vendor delivering it?
Is the training interactive and engaging or is it simply an "information dump"?
Is there a way to quiz employees as they take their training to ensure they are absorbing the information?
How can we track employee activity?
Will you have on-demand access to activity reports that enable you to monitor individual employees' progress, including which courses they have attended and successfully completed?
Research shows that employee negligence is the leading cause of data breaches. Unfortunately, many of these cyberattacks could have been prevented if employees had received thorough training on proper security protocols.
A recent Monte Carlo analysis by Aberdeen Group found that when an organization adopts Security Awareness Training, the corresponding shift in employee behavior reduces that organization's security-related risk by as much as 60%.
It's important to choose a program that guarantees maximum impact. ControlScan’s Security Awareness Training Service offers an expanded course catalog, tiered educational content and advanced tracking and reporting capabilities to ensure that your employees are knowledgeable on how to protect your business.
Still unable to convince the boss that Security Awareness Training is a must?
Check out my post on calculating Security Awareness Training's ROI here.