How to make security awareness training successful

minute read

Last Updated January 24, 2024

Category Cybersecurity


Threats are increasing and you’re the first line of defense. The best way to ensure you can handle a threat? Start contributing to a security-first culture with security awareness training.   

In this post, I’m sharing how you—and everyone at your business or firm—can put security first, starting with: 

  • Facts about the biggest security threat to businesses. 
  • Strategies for preventing breaches caused by human error. 

You are the biggest threat to your organization  

You have the greatest proximity to your business and client data. Therefore, it’s up to you to protect it.  

Unfortunately, as you’re probably aware, human error is the biggest cybersecurity threat to businesses. In fact, the “human element” was part of a whopping 82% of breaches in 2021 (Verizon, 2022). This staggering statistic exemplifies how every business has employees unknowingly exposing their organization to risk all the time.  

Email continues to be the most common way employees expose data 

According to a survey by Trend Micro last year, three-quarters of all threats originated via email. (Trend Micro, 2022).  

Consider the trend of spear phishing, which goes beyond typical phishing to personalize threats.  

In spear phishing, a victim receives a message from an attacker who has done their homework. The attacker may have researched you, your organization or your industry—then uses that research to personalize an email. 

To the victim’s eyes, the email seems legitimate because it looks like it’s coming from a trusted source and contains pertinent information. 

The results of successful spear phishing may include:   

  • Installation of malware on a company device, opening your entire network up to the attacker.  
  • Data loss, including loss of protected customer data. 
  • Loss of funds due to fraudulent payments (initiated by employees/your company, your vendors or your clients) to attackers.  

As cyberattacks like spear phishing mature, so should security  

Businesses without property security measures in place are in jeopardy.  

As recently discussed in our cyber insurance resources, failing to enact a proper security strategy leaves your business financially vulnerable. The reputational costs of recovering from a breach are huge, with small businesses far less likely to be able to recover from the impact of an attack than their larger counterparts (Forbes, 2022).  

What should a small business do to prevent breaches caused by employee error?

Now that you are aware of just how crucial your role is in keeping your business safe—and how many risks are facing you and your colleagues each day—you are likely wondering how to begin to build a culture where security is top-of-mind.  

Shifting your culture is easier said than done; with staffing shortages in professions like accounting, employee time is precious. It’s no secret that appropriate mindshare is not always given to security.  

But based on our experience with accounting and business professionals, we believe that security awareness training is the cornerstone of any emerging security program. With people your main source of risk and email the main attack vector, it only makes sense to train your employees and then invest in the appropriate managed security solutions.  

How to make security awareness training successful 

Here are our suggestions on how to make your security awareness training successful, ultimately enabling you to build a culture of security: 

Make security awareness training fun

Choose a training platform that has gamification elements. It is motivating for employees to see who on their team finishes their training early or performs well on assessments. You might even consider incentivizing high performers.

Provide ongoing education

Given the constant introduction of new threats across the landscape that your employees may encounter, it is important to deliver training monthly. A security partner can help you choose impactful, ongoing training that keeps pace with the biggest threats in your industry or vertical.

Keep it simple and stay mindful of employee time

Here again, you may want to consider a vendor that manages your security awareness training for you. Using a partner to manage training means you get the most impactful, yet time-efficient experience with hand-picked lessons. Exercises can be less than five minutes each to enable your employees to complete training between calls.

Track it (and not just for audit or compliance purposes)

Make sure there are engaging quizzes included with each security awareness training video your employees are assigned to watch. Follow up with employees as needed based on their assessment scores. While it is best practice to assign security awareness training to all employees, in some positions and industries, additional training may be required. Use assessment results to identify individual gaps and follow up with more tailored content accordingly. This is another area in which having a managed security partner can be helpful.

Set the example

If your goal is to build a culture of security, it starts at the top. Leadership should take all assigned training and continually vocalize what they have learned to their teams.  

After taking these actions, you’ll be well on your way to establishing and contributing to a culture of security. 

Get to know more about establishing a secure culture with solutions that keep every type of business and firm safe 

Recommended next

Cybersecurity best practices: Break bad habits now


Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.