Security Awareness Training
For many, technology is moving faster than its ability to remain secure. With the rate of learning falling behind the pace of technology change, employee security education remains one of the most critical layers of security defense available to your organization today.
That’s why we partnered with Infosec, developers of the market-leading Infosec IQ security awareness and training platform, to empower your employees with the knowledge and skills to stay cyber-secure at work and at home.
Infosec is a Leader in the Gartner Magic Quadrant for Security Awareness Computer-Based Training and a two-time Gartner Peer Insights Customers’ Choice. It’s recognized for providing the largest and most diverse training content library, including security awareness CBTs, phishing simulations and assessments.
Our solution is a cloud-based security awareness training SaaS solution designed to meet three key objectives:
- Educate employees and motivate behavior change with security awareness training. Our platform’s massive library of the industry- and role-based training resources helps you deliver engaging, relevant training to every member of your organization.
- Empower employees to detect and report phishing attacks. Using our platform, you can build simulated phishing campaigns from over 1,000 templates to teach employees how to avoid the most dangerous phishing threats they face.
- Track compliance, assess security risk and prove training success. With our platform, it’s easy to track and share your organization’s compliance score and phish rate. The platform’s pre-built reports and charts help you identify behavioral trends over time and prove the success of your program at the organization, department and individual learner level.
Methodologies to meet these objectives include:
- Training content mapped to the National Institute of Standards and Technology (NIST) cybersecurity framework. Infosec uses NIST guidelines to not only develop its Infosec IQ security awareness and training curriculum but to also build features, automation tools and reports that make it easy to track compliance and mature your program over time.
- Reporting, analytics, and assessments to quantify training impact and detect employee-related risks before breaches occur.
- Ongoing support in program implementation and design, execution and reporting.
Every organization — and every employee — is susceptible to phishing emails. This makes simulating a wide variety of phishing attack types crucial. Prepare your staff and uncover vulnerabilities with our platforms’ library of 1,000+ simulation templates. You can build your own templates using the easy-to-use WYSIWYG editor, or select from the following attack types:
- Data entry (including optional data-entry tracking)
- Business email compromise (BEC)
- Malware and malicious attachments
Along with phishing education, our platform delivers in-the-moment training tailored to the attack types your employees click. Real-time phishing training includes modules, phishing education pages and phishing indicators that highlight red flags employees should have spotted on the phishing email they clicked.
Suspicious Email Reporting Tool
Encourage employees to play an active role in your organization’s security by reporting suspicious emails from their inbox. When an employee uses the PhishNotify™ report button, the email is marked as spam or moved to their trash and a message indicates whether the email was a simulated phish or a possible threat.
Our platform records all employee reporting data so you can identify your most responsive employees and track your organization’s phishing report rate. Reported emails remain in your quarantine with the original sending information, email contents, and attachments for 14 days so your team can pinpoint attacks and identify trends.
Measure security aptitude and lesson retention at the employee level with learner assessments. Assessments help you establish baseline comprehension, identify knowledge gaps and deliver personalized training based on security education needs.
Choose from dozens of pre-built assessments or build your own to measure comprehension of the cybersecurity topics most important to your organization. Assessments are organized by topic and can be quickly added to any awareness campaign to monitor employee retention and knowledge recall.
Our platform maps every training module to one of nine core security topics from the NIST security awareness and training guidelines. By associating training content with NIST recommendations, our platform calculates your organization’s compliance score that reflects training completion over time — essentially, the who, what, when and how of your training efforts. For example, our platform can generate reports on who in a specific department did not complete any training within the last three months.
You can easily download compliance reports for stakeholders or auditors and use data to guide your ongoing training efforts.
You can also monitor your organization’s phish rate over time and adapt training to address employee knowledge gaps. Analyze your entire organization or filter by the department to easily identify your best and worst performers.
From the management dashboard, you can evaluate your phish rate and simulated phishing attempts together to correlate your organization’s phish rate with your phishing program.
We’ll have your back throughout the security training journey. We can set up templates, modules, and reports, and answer technical questions. We can also handle the training process for you end-to-end. Contact Technical Framework today to get started!