5 things to consider when selecting a Security Awareness Training (SAT) platform
What is a Security Awareness Training platform? If you’re not sure, read our blog post here to find out what it is and why you need one. No matter what technology you have in place, your weakest link is your employees and their lack of awareness. To build a great human firewall you will need a decent Security Awareness Training programme. How do you get one? Build your own? No, this is not a good idea! There are a ton of platforms out there to make your life easy. So how do you pick one? What do you need to look for in the platform?
Here are the top 5 things you need to think about so you choose the best one for your business.
The most important part of the Security Awareness Training platform is the content: the quality of the content, the diversity of the content, the freshness of the content and the frequency of content updates. Look at the format of the training modules too. Are they videos, interactive modules, puzzles, games, quizzes, wall posters, newsletters, etc.? How long are the content modules? Are they engaging?
2. Admin overhead
If you are going to manage the platform yourself, consider the admin overhead that’s required. The onboarding process shouldn’t be a hassle. New user creations and leaver deletions on the portal should be automated. Ideally, the platform should sync with your directory services [Active Directory or similar] so that you can automate most of the tasks. Automation should be your priority when it comes to admin overhead. You don’t want to end up spending days every month managing it.
Consider the user-friendliness of the platform. Is it going to take up your time training users on how to use the platform?
What functionality does the platform offer? Ideally, you would want to follow up training with some sort of testing, for example, sending out email phishing campaigns. Does the platform support that feature? If you have a separate learning and development team, the Security Awareness Training Platform should let you create a separate role so that they can manage just the training part. Sometimes HR departments are responsible for this, and HR might also want to run reports on their own. For these needs, you don’t necessarily have to make them admins of the Security Awareness Training Platform. You can create security roles and assign the relevant users/groups. It’s like Active Directory groups and file permissions.
We speak to many customers on a day-to-day basis. One of the questions we get asked often is, can they customise the platform? Customise the training? Edit the content? Upload their own content? Is the platform hosted or SaaS?
If you are running email phishing campaigns, users should be able to report the simulated phishing emails as well as the real phishing emails. Does the platform offer an Outlook plugin for that? It just makes it easier for users to report. Also, find out if the platform is able to do USB drop tests, phone phishing [vishing] and smishing.
Of course, you have invested or are going to invest in a Security Awareness Training Platform, and your board will ask you to show the results or ROI. You need to see the results yourself too, so that you can plan the next steps accordingly. You will need to run granular reports. See who is enrolled in a course, who started it, who didn’t, who passed, etc. The same goes for reports on phishing tests: who clicked on what links, who entered data, who opened an attachment, etc. Can you export the reports into a CSV/PDF file? Better yet, can you send them to a central dashboard? How do you do that?
The obvious. What’s the cost? Cost model? Hidden costs? Management costs? Infrastructure costs?
I am assuming you are going to go with a SaaS platform. My suggestion would be to have the cost per active mailbox per year. That should include the directory synchronisation, content and any new content that will be published. You should be able to re-purpose the licence of a leaver without any extra cost. If you are going to add more licences in the future, you should be able to do that without much hassle. Some platforms out there let you add your own content and most don’t unless you pay. You know what fits your business. If you are planning on having a managed service, then find out how much it’s going to cost on top of the licence subscription. It might depend on the number of campaigns you want to run per month/year.
To sum up, in this day and age developing your own Security Awareness Training Platform doesn’t make sense. There are already well-developed purpose-built systems available on the market and it’s about picking the right one that suits your business. Hope the above 5 points help you.
If you need further advice or information, check out our other blog posts or feel free to get in touch for a chat.