5 things to consider when selecting a Security Awareness Training (SAT) platform
WATCH VIDEO HERE
Security Awareness Training platform, what is it? If you’re not sure read our blog post here to find out what it is and why you need one. No matter what technology you have in place your weakest link is your employees and their lack of awareness. To build a great human firewall you will need a decent Security Awareness Training programme. How do you get one? Build your own? No, this is not a good idea! There is a ton of platforms out there to make your life easy. So how do you pick one? What do you need to look for in the platform?
Here are the top 5 things you need to think about so you choose the best one for your business.
The most important part of the Security Awareness Training platform is the content. The quality of the content, diversity of the content, the freshness of the content and frequency of content updates. The format of the training modules. Are they videos, interactive modules, puzzles, games, quizzes, wall posters, newsletters, etc...How long are the content modules? Are they engaging?
2. Admin overhead
If you are going to manage the platform yourself consider the admin overhead that’s required. Onboarding process shouldn’t be a hassle. The new user creations and leaver deletions on the portal should be automated. Ideally, the platform should sync with your directory services [Active Directory or similar] so that you can automate most of the tasks. Automation should be your priority when it comes to Admin overhead. You don’t want to end up spending days every month managing it.
Consider the user-friendliness of the platform. Is it going to take up your time training users on how to use the platform?
What functionality the platform is offering? Ideally, you would want to follow up training with some sort of testing. For example, sending out email phishing campaigns. Does the platform support the feature? If you have separate learning and development the Security Awareness Training Platform should be able to offer you to create a separate role so that they can manage just the training part. Sometimes HR departments are responsible for this and also HR might want to run reports on their own. For these needs, you don’t have to necessarily make them admin of the Security Awareness Training Platform. You can create Security roles and assign relevant users/groups. It’s like Active Directory groups and file permissions.
We speak to many customers on a day-to-day basis. One of the questions we get asked often is, can they customise the platform? Customise the training? Edit the content? Upload their own content? Is the platform hosted or SaaS?
If you are running Email Phishing campaigns users should be able to report the simulated Phishing emails as well as the real phishing emails. Does the platform offer an outlook plugin for that? It just makes easier users to report. Also, find out if the platform is able to do USB drop tests, Phone phishing [vishing] and smishing.
Of course, you have invested or going to invest in a Security Awareness Training Platform and your board will ask you to show the results or ROI. Yourself need to see the results too so that you can plan the next steps accordingly. You will need to run granular reports. See who is enrolled in a course, who started it, who didn’t, who passed, etc… Reports on Phishing tests. Who clicked on what links, who entered the data, opened an attachment, etc… Can you export the reports into a CSV/PDF file? Better yet, can you send them to a central dashboard? How it is to do that?
The obvious. What’s the cost? Cost model? Hidden costs? Management costs? Infrastructure costs?
I am assuming you are going to go with SaaS platform. My suggestion would be to have the cost per active mailbox per year. That should include the Directory synchronisation, content and any new content that will be published. You should able to re-purpose the licence of a leaver without any extra cost. If you are going to add more licences in the future you should be able to do that without much hassle. Some platforms out there let you add your content and most don’t unless you pay. You know what fits your business. If you are planning on having a managed service then find out how much it’s going to cost on top of the licence subscription. It might depend on the number of campaigns you want to run per month/year.
To sum up, in this day and age developing your own Security Awareness Training Platform doesn’t make sense. There are already well-developed purpose-built systems available on the market and it’s about picking the right one that suits your business. Hope the above 5 points help you.
If you need further advice or information check out our other blog posts or please feel free get in touch for a chat.
- Case study: British Airways Fined £183.4million for Data Breach
- The Silver Bullet in Cyber Security
- Is it a good idea to build your own Security Awareness Training platform?
- Fake invoice email scams and Office 365
- How to apply for the Cyber Essentials Voucher Scheme
- 2 Years, Marmite and £600,000
- What is Business Email Compromise (BEC) and how to stop it
- Everything you need to know about Cyber Essentials
- How to choose a Security Awareness Platform
- How to pick the best Antivirus software for your business
- 6 Quick and Easy Email Security Tips for Dummies
- How to carry out a baseline email phishing test
- How to share passwords safely in your Small Business
- 10 Steps to Cyber Security
- 5 Reasons why you should consider having two monitors
- What is Email phishing & why you need security awareness training in your business
- 6 Top Tips to Prevent Cyber Attacks
- How to choose the best IT Service Provider for your business
- How to choose the best Antivirus software for your business
Need a Security Awareness Training Platform?
If you would like a demo of our Security Awareness Training Platform, KnowBe4 get in touch here
Case study: British Airways Fined £183.4million for Data Breach
The UK's Information Commissioner's Office has declared that it intends to fine British Airways a record total of £183.4m because of a data breach it suffered during the summer of 2018.More
The Silver Bullet in Cyber Security
Even large companies with all the best security in place become victims of malware attacks because they don't do their updates. Find out why patch management is so important for your company.More
Is it a good idea to build your own Security Awareness Training platform?
Should you build your own Security Awareness Training platform? Nope! And here are the reasons why.More
Fake invoice email scams and Office 365
The fake invoice scam has been impacting an unbelievable amount of businesses lately costing £000’s every day. Every other day there is a business hit with this type of attack. Here are some simple tips you can implement now.More
FOR LATEST UPDATES SUBSCRIBE HERE: