The 3 Steps of New-School Security Awareness Training

New-School Security Awareness Training results

One annual, all-company training session no longer protects you against social engineering; New-School security awareness training is what you need.

Did you know that 91% of successful data breaches start with an employee responding to a spear phishing attack? There’s more bad news. The average cost of a ransomware attack on a business is $133,000 – and we’ve all seen reports of far higher ransom payments. It often takes more than a week to regain access to data that’s being held hostage. The FBI reports that CEO Fraud (a.k.a. Business Email Compromise) is a multi-billion dollar scam. But even as careless (let’s call them under-trained) employees are the cause of so many breaches, they can also become your last best defense against malware. They can become a human firewall through New-School Security Awareness Training.

How does New-School Security Awareness Training work? There are three main steps.


First you do a baseline test to uncover your organization’s vulnerability index. Ecessa, through our partner JDL Technologies, offers a free phishing security test for organizations with over 25 users. Testing your employees will return a vulnerability (phish-prone) number that is probably worse than you expect. That number (and the associated risk of falling victim to ransomware) will help you get a training budget.


Second, deploy interactive, engaging online training to teach all of your employees how to avoid phishing and become a human firewall. Incorporating videos, games and newsletters makes the content interesting and increases retention. The training platform you select should contain multiple training methods and make administration simple with automations and a dashboard so you can see how training is progressing.


The third step is to perform frequent (at least monthly) simulated phishing attacks to ensure your people have internalized their training and are doing things right. The platform you select should include functionality to simplify sending simulated phishing emails and measuring the results.

The platform we use, KnowBe4, is the world’s largest security awareness training and simulated phishing platform. Based on results from a 2020 study of over four million users, they reported that an average “phish-prone” starting percentage of 37.9% dropped to just over 14% after three months of training and testing, and went all the way down to 4.7% after 12 months of training and testing. This reduction in human element risk results in reduced malware infections, reduced data loss, reduced potential cyber-theft and increased productivity.

If this sounds like something you’d like to implement at your organization, please contact us. Organizations of any size can request a free KnowBe4 simulated phishing test, too. We want your employees, your customers and your data to stay safe!