{"id":6006,"date":"2019-03-18T21:05:44","date_gmt":"2019-03-18T21:05:44","guid":{"rendered":"https:\/\/www.n-able.com\/?p=6006"},"modified":"2021-07-12T14:30:06","modified_gmt":"2021-07-12T13:30:06","slug":"ins-and-outs-security-awareness-training","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training","title":{"rendered":"The Ins and Outs of Security Awareness Training"},"content":{"rendered":"<p>One of your customers\u2019 employees logs into their computer. They get an email from someone claiming to be their IT service provider, saying they must reset their password immediately (even though there wasn\u2019t any warning beforehand). They click a link without checking the destination URL, go to a phishing site, and enter the credentials for their email. The criminal now has access to their email credentials and starts a spear-phishing campaign.<\/p>\n<p>This scenario could have been avoided with a little caution. Solid security awareness training should have helped this employee think twice. Unfortunately, many businesses see training as a box they have to check for compliance. Employees often walk away and forget the training.<\/p>\n<p>As a managed services provider (MSP), you can\u2019t afford to be like most businesses. You must make these trainings as memorable as possible so employees remember what they have been taught. Beyond the security benefit, strong training helps reinforce your MSP brand and demonstrate the value you bring to the table.<\/p>\n<p>Today, I\u2019ll talk about what to include in security training. Just as important, I\u2019ll talk about\u00a0<em>how<\/em>\u00a0to cover these topics.<\/p>\n<h2>The nuts and bolts of security awareness training<\/h2>\n<p>Before I get into the \u201chow,\u201d let\u2019s talk about the \u201cwhat.\u201d<\/p>\n<p>First, decide the level of training you must give to your clients, and tailor your presentations appropriately. In some cases, you\u2019ll focus on compliance issues like HIPAA, PCI DSS, SOX, or GDPR. In other cases, you simply need to teach users good security policies.<\/p>\n<p>Regardless, most trainings should include at least the following:<\/p>\n<ul>\n<li><b>Phishing and social engineering:\u00a0<\/b>Users need to learn how to recognize phishing scams. Teach them to exercise caution around emails or websites that seem suspicious. In the example at the beginning of this post, the employee should have double checked the email domain before clicking the link to make sure it really came from their MSP. There are other signs as well\u2014they could have looked for bad grammar or misspellings, and they should have immediately been suspicious that someone was asking for their user credentials. Make sure to cover these signs of phishing to keep users safe.<\/li>\n<li><b>Password policies:<\/b>\u00a0Cover the importance of password strength and explain what makes a password strong. Remind them never to write the password down or store it in plain text. Additionally, you may want to show them how to enable two-factor authentication (2FA). Tell them to avoid using passwords across services. While covering passwords and authentication, part of your job involves persuading users why the inconvenience of 2FA or complex passwords matter. They\u2019re small prices to pay for protecting the business (and their employees) from data breaches.<\/li>\n<li><b>Device policies:\u00a0<\/b>Discuss the rules around fair use and how to properly secure and store devices. For example, make sure employees don\u2019t leave their machines unlocked when they leave their desks.<\/li>\n<li><b>Physical security:\u00a0<\/b>Remind employees to keep unknown people out of the building. In fact, even if they know the person, they should make sure they have their badges (to avoid a disgruntled employee starting a malicious insider attack). Remind them not to leave devices unattended in unsafe areas (like leaving their laptops on the ground while in the airport or sitting in open view in the car). Additionally, remind them never to store sensitive data out in the open, such as leaving printed forms with sensitive data sitting on their desks.<\/li>\n<\/ul>\n<p>There are certainly more areas to cover. However, these should get you started.<\/p>\n<h2>How to make training engaging<\/h2>\n<p>Training employees is one thing; helping them retain information is another. You\u2019re aiming not just for knowledge here\u2014you want behavioral change.<\/p>\n<p>First, consider going on site to offer the training rather than doing it online. For starters, it\u2019s a great opportunity for you to reinforce your brand and the value you provide to customers. But more importantly, you get to engage the audience in person, make sure people pay attention, and help reinforce the concepts. If people don\u2019t seem to truly understand the content, you can\u2019t adapt your explanation.<\/p>\n<p>Second, don\u2019t lecture\u2014involve the group. This can reinforce learning. Ask questions about the training, and consider offering rewards for participation (like a branded giveaway).<\/p>\n<p>One interesting tip\u2014ask the group to explain what you\u2019ve taught in their own words. This can reinforce retention, and it also gives you real-time feedback on your audience\u2019s understanding. You can correct misunderstandings, help your audience learn more efficiently, and also get tips on how to improve.<\/p>\n<p>Additionally, try to use real-life examples to reinforce concepts. The language that you use really makes a difference. A 20 year old may be more concerned with their social media account being hacked and not their retirement account.<\/p>\n<p>Finally, have handouts and leave behinds ready to go. Posters and reminder cards may be old school but they really do work to create a culture of security. This can also be a great branding opportunity for your MSP<\/p>\n<h2>Security training: more than a checkmark<\/h2>\n<p>Many companies hold trainings only to protect them from liability or to meet a compliance goal, but service providers need to go beyond this. People are often the weak link. Employees\u00a0 make mistakes that expose organizations. As a service provider, you must do your best to not only offer security trainings but make them engaging so your customers\u2019 employees retain the information and, hopefully, think twice before putting the company at risk.<\/p>\n<p><b>Additional reading:<\/b><\/p>\n<ul>\n<li><a href=\"https:\/\/www.n-able.com\/blog\/five-tips-for-creating-a-meaningful-security-awareness-training-program\" target=\"_blank\" rel=\"noopener\">Security Awareness Training Tips<\/a><\/li>\n<\/ul>\n<p><i><em>Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology,\u00a0including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim\u2019s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.<\/em><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Creating a good security training program that covers everything your customers need to know is one thing, but creating one that sticks with them is a whole new ball game&#8230;.<\/p>\n","protected":false},"author":43,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-6006","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The Ins and Outs of Security Awareness Training - N-able<\/title>\n<meta name=\"description\" content=\"Creating a good security training program that covers everything your customers need to know is one thing, but creating one that sticks with them is a whole new ball game. Tim Brown offers some tips.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Ins and Outs of Security Awareness Training - N-able\" \/>\n<meta property=\"og:description\" content=\"Creating a good security training program that covers everything your customers need to know is one thing, but creating one that sticks with them is a whole new ball game. Tim Brown offers some tips.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-18T21:05:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-12T13:30:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tim Brown\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Brown\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"5\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training\"},\"author\":{\"name\":\"Tim Brown\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8\"},\"headline\":\"The Ins and Outs of Security Awareness Training\",\"datePublished\":\"2019-03-18T21:05:44+00:00\",\"dateModified\":\"2021-07-12T13:30:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training\"},\"wordCount\":1026,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"articleSection\":[\"Security\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training\",\"url\":\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training\",\"name\":\"The Ins and Outs of Security Awareness Training - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de#website\"},\"datePublished\":\"2019-03-18T21:05:44+00:00\",\"dateModified\":\"2021-07-12T13:30:06+00:00\",\"description\":\"Creating a good security training program that covers everything your customers need to know is one thing, but creating one that sticks with them is a whole new ball game. Tim Brown offers some tips.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/de\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Ins and Outs of Security Awareness Training\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/de#website\",\"url\":\"https:\/\/www.n-able.com\/de\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/de?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/de#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/de\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8\",\"name\":\"Tim Brown\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"caption\":\"Tim Brown\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The Ins and Outs of Security Awareness Training - N-able","description":"Creating a good security training program that covers everything your customers need to know is one thing, but creating one that sticks with them is a whole new ball game. Tim Brown offers some tips.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training","og_locale":"de_DE","og_type":"article","og_title":"The Ins and Outs of Security Awareness Training - N-able","og_description":"Creating a good security training program that covers everything your customers need to know is one thing, but creating one that sticks with them is a whole new ball game. Tim Brown offers some tips.","og_url":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2019-03-18T21:05:44+00:00","article_modified_time":"2021-07-12T13:30:06+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"Tim Brown","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Verfasst von":"Tim Brown","Gesch\u00e4tzte Lesezeit":"5\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training"},"author":{"name":"Tim Brown","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8"},"headline":"The Ins and Outs of Security Awareness Training","datePublished":"2019-03-18T21:05:44+00:00","dateModified":"2021-07-12T13:30:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training"},"wordCount":1026,"publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"articleSection":["Security"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training","url":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training","name":"The Ins and Outs of Security Awareness Training - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/de#website"},"datePublished":"2019-03-18T21:05:44+00:00","dateModified":"2021-07-12T13:30:06+00:00","description":"Creating a good security training program that covers everything your customers need to know is one thing, but creating one that sticks with them is a whole new ball game. Tim Brown offers some tips.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/de\/blog\/ins-and-outs-security-awareness-training#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/de\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"The Ins and Outs of Security Awareness Training"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/de#website","url":"https:\/\/www.n-able.com\/de","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/de?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/de#organization","name":"N-able","url":"https:\/\/www.n-able.com\/de","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8","name":"Tim Brown","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","caption":"Tim Brown"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/6006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/comments?post=6006"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/6006\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/media?parent=6006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}