Mimecast Limited

11/21/2024 | News release | Distributed by Public on 11/21/2024 15:49

A Dashboard’s Value in Cybersecurity Awareness Training

Laying a foundation for greater cyber awareness in an organization's employee base is, in theory, a straightforward undertaking. But it is straightforward in the same way that teaching employees to use a new production system or follow a new workflow is straightforward.

Employees still have to be trained, ideally in a way that is integrated into their everyday activities so the lessons stick. And cybersecurity awareness training is unique in one important way: there is no obvious end point - no moment when the job can be considered done. It's more about instilling vigilance in employees with every digital communication and keeping them apprised of the latest threats.

The ongoing nature of human risk management and cybersecurity awareness training is an argument for having best-in-class tools to administer these programs and track their results. A human-risk-centric cyber awareness platform like Mimecast's that includes a flexible set of dashboards can make a huge difference in the success of a training program.

What a Good Dashboard Enables

How employees approach a risk area like email will never be completely within a CISO's control. But security leaders can increase the odds of better practices - and reduce their organizations' exposure - with the capabilities provided by a good cyber awareness console or dashboard.

An effective cybersecurity awareness training dashboard provides:

Employee Participation Tracking: The first thing you want to know, after you start your cyber awareness effort, is whether the people who should be engaging with the training modules are doing so. A good dashboard makes this easy to track. There will be screens that display the percentage of employees that have completed the required lessons. Administrators can break down their status checks more finely than this to view participation by geography, department, or individual.

Training Results and Trends: Cyber awareness training is successful when it leaves employees knowing what the threats are and what they should be watching for. You want your employees to have a thorough understanding of password best practices, for example, and have their radar out for phishing attempts. For instance, a treasurer who gets an email, seeming to come from the head of sales and asking for three $200 gift cards, should be able to recognize the telltale signs of a phish - like an invalid email reply address or a tone or grammar inconsistent with their colleague's way of communicating.

It's up to your cybersecurity awareness training program to impart this knowledge, ideally through interactive learning modules. Dashboard data highlighting real-time results from scheduled modules or trend data over time can tell you at a glance whether your people are getting more cyber capable and vigilant.

Administration and Scheduling Functionality: Cybersecurity awareness training typically consists of multiple learning modules administered over the course of many months. There may be refresher lessons, brand new topics, and various forms of learning - from interactive videos to phishing simulation campaigns.

At a company with many employees and multiple offices, scheduling, distributing, and tracking all that training can become very complex. A good dashboard makes things easier. It allows you to decide which module you're distributing when and to whom. A dashboard can also provide templates to help craft emails alerting the workforce to new training they need to take.

Performance Against Goals or Industry Benchmarks: CISOs have specific goals, at any given time, for what they want their cyber awareness program to achieve. The aim may be high level, like a minimum 95% completion rate of any newly issued learning module within two months of its release or ensuring all newly onboarded employees complete basic training within 90 days of joining the company. Dashboards track performance against these benchmarks.

Some dashboards can also provide an all-in cybersecurity awareness training "score" for the CISO's company and a comparison with peers in the same industry or other industries. That's the kind of metric that the C-suite and board of directors will want to know about.

Phishing Simulation Management: CISOs are increasingly using phishing simulation campaigns as a way of gauging their staffs' cyber awareness. A de-weaponized phish is sent to some portion of the employee base. The email may appear to come from Amazon or Netflix, for example, and take the form of a request for resetting a password. These tests can be learning opportunities for employees, who are immediately told that they clicked on a would-be phish and also alerted to the signs that could have tipped them off to the scam.

The dashboard can be used to launch the phishing campaign and track the results, enabling the cybersecurity team to look at patterns (ideally declines) in the number of phishes that get through. The team can arrange additional training for those individuals or teams who fall for the simulation.

Insight Into the Biggest Human Risks: In addition to aggregate awareness scores, dashboards can also provide individual scores. An employee may rank low on knowledge, which you might know because they are tricked by your phishing simulations or score low on interactive quizzes. If the same employee has a low engagement score (meaning they're spending relatively little time with your training modules), it may be a sign that they need more intensive, individualized instruction to get them to a satisfactory level of awareness.

Another Dashboard Benefit: Securing Funds for Future Awareness Training

The reporting capabilities of dashboards can also be useful in getting the budget cybersecurity leaders need to deepen their human risk management and awareness training programs and make them more effective. If you want to have a truly cyber aware employee base, you must go beyond the basics in your training program. That takes investment and high-level support. Dashboards can help here, too.

To be sure, it's going to take more than a set of summary awareness training reports to ensure that your training budget remains intact or grows. Ideally, the CISO can connect the dots between cyber awareness metrics and operational security performance. But the reports that a good dashboard generates can be a crucial part of the case you make for funding to the executive team or the board of directors.

The Bottom Line

Dashboards provide important capabilities for cyber awareness training programs. A good dashboard gives the CISO insight into how well the training program is working and enables administration and scheduling of training modules. Finally, it can create a foundation for growth in and funding for cyber awareness programs. Read how Mimecast Engage security awareness training and the integration of dashboards in its cybersecurity software can help.

This blog was originally published on October 26, 2023.