Security Awareness Training: The Key to Email Security Success
As email has become an increasingly popular cyber-attack vector, companies have responded by throwing more technology at the problem: firewalls and filters, spam blockers and blacklists. All of these are critical steps in helping to secure a business. However, it’s important to note that most email-based phishing, ransomware and other attacks also rely on human fallibility to make their exploits successful.
That’s why security awareness training and phishing simulations have become such an important part of a multi-layered approach to email security. All the technology in the world isn’t much help if you can’t stop employees from opening obviously suspicious attachments or sharing sensitive information through their email accounts.
Fortunately, businesses are now beginning to get wise to the importance of training. According to CompTIA’s 2018 Industry Outlook Report: 10 Things to Know, companies are increasingly realizing that protecting the network is no longer enough. The report states that preventing and mitigating data breaches will be reliant on integrating best practices implemented throughout the business, including in the behavior of every employee. That means companies will begin building business processes that enhance their security and increase their focus on training to help guard against human error.
“In short, companies will shift their security mindset from technology-based defenses to proactive steps that include technology, process, and education. There is no doubt that companies are taking security more seriously, but now they must realize that modern security demands a different mentality rather than just more of the same,” the report states.
Tips for Establishing Effective Training
How you approach that training can make all the difference. Circulating lengthy explanations of company security policies won’t cut it. Training should focus on the types of likely attacks, how to recognize suspicious emails, and the potential cost of the common types of mistakes employees make when it comes to phishing and other attacks.
The goal is to alter employee behavior around email security. Combining these types of training with ongoing phishing simulations and other tools can help staff develop the skills necessary to protect themselves and their companies.
Most likely, your customers are going to need help with training and simulations, so this is something MSPs should be prepared to deliver. Most companies don’t properly train users about phishing, and those that do often don’t train enough or with enough frequency. Most employees aren’t familiar with phishing or ransomware, how the attacks work, or how to recognize them.
This not only leaves them vulnerable to attack; it may also create compliance issues in some industries where cybersecurity training may be mandatory.
Barracuda MSP offers a full suite of email security tools, but also provides training and simulation systems to help our partners implement security awareness training for their own clients.
Our award-winning Managed PhishLine service provides end user email security awareness training via phishing simulations and other educational exercises. The solution helps employees recognize, avoid and report email-based attacks. PhishLine can simulate real-world attacks and includes data capture, analytics and reporting, in addition to analysis of employee performance. Because the solution is offered as a managed service, Barracuda MSP takes on the task of managing the phishing campaigns while our partners can stay focused on their mission-critical services.
Stats show that, on average, a concerning 13 percent of those who participate in a phishing simulation within the service actually click on the faux-threatening link. That’s a high number of employees vulnerable to these threats. The good news is that as individuals progress through the training, those rates decrease by nearly half by the time of the second phishing simulation. So, the education is effective.
Not only does the service let customers test their employees, but it also lets them measure performance and conduct ongoing analyses of employee performance over time. Being able to track the progress of employees throughout the training program helps MSPs and business owners better identify and address the end users in need of the most help.
It would be impossible to completely eliminate the chance of human error when it comes to cybersecurity, but with the right simulation tools and a well-designed, ongoing security awareness training program in place, MSPs can significantly strengthen their defense against attacks and improve their overall security posture.
Brian Babineau is Senior Vice President and General Manager for Barracuda MSP. In this role, he is responsible for the company’s managed services business, a dedicated team focused on enabling partners to easily deliver robust, flexible IT solutions to customers.
This guest blog is part of a Channel Futures sponsorship.