An employee at a company gets an email that looks like it’s from their boss, asking them to open a link or download an attachment for a project. The employee performs the task as requested, only to later discover their account was compromised!
This employee was the victim of a social engineering phishing attack, where the hacker took advantage of human nature to deliver a payload and gain access.
An estimated 57% of companies experienced social engineering or phishing attacks, and approximately 1 in 36 mobile devices have high-risk apps installed.
If that’s not scary enough, there is so much more cybersecurity nightmare fuel out there. Some frightening statistics can be found on Varonis’s website.
Cybersecurity awareness training is critically important for all employees of all companies. Big or small, companies should have employees of all levels learn the importance of protecting themselves and the company from cyberattacks and social engineering to reduce the risk of compromise via human exploits. It is important to impress upon all employees why security awareness training is crucial, so they actually want to do it and it doesn’t just become an annoying HR item.
We highly recommend you choose one of the great, paid-for programs out there. We have a short post about cybersecurity awareness training vendors. KnowBe4, Cofense, Sophos, MediaPRO, and many more are all excellent options. Cybersecurity awareness training platforms are usually inexpensive, especially when considering their incredible ROI.
But uh oh, your company just lost money in a phishing attack, and you didn’t have cybersecurity training budgeted this year! What are you going to do?
Well, there are free options available, and all of the free options offer some benefits. Unfortunately, they all have some drawbacks as well. The free cybersecurity training programs available range from fine to good; none of them are great. Some might offer good advice but won’t have a learning management system (LMS) to help track your employees’ progress. These will require more time and effort on your end to make sure your team understands the information. Others have an LMS but offer mediocre cybersecurity advice.
Let’s take a look at what each of the notable free programs has to offer, and discuss their pros and cons.
What to look for in a free cybersecurity training program?
Elements to consider when evaluating a cybersecurity training program (free or otherwise) include the following:
Good content – The training content should cover many (if not all) aspects of cybersecurity and give good advice about topics including (but not limited to) malware, viruses, personal data, compliance, mobile devices, Bring Your Own Device (BYOD), passwords, patching, staying safe online, and spotting a scam.
Quizzes and analytics – How would you know that the program is headed where you want it to go? Or that the awareness training is worth all the time and money put into it? It is important to have a way to measure training effectiveness. A few ways to do that are phishing tests, quizzes, and surveys.
High-quality videos – Is the production high quality? Is there good animation or other visuals and good sound quality? Clever animations engage viewers and help them absorb the information and remember it. Poor production values and boring presentation distract from the content. IT fatigue is a thing after all! If someone requires you to do extra work with no extra pay, the least they can do is make the activity enjoyable. Making security training a fun and engaging process means not only that your staff will stay the course but also that they will likely learn more from the lessons.
Administrative Features – Does the program have administrative features such as program management, alerts, notifications, reports, and recommendations? These go a long way in helping you administer and track the program.
With that in mind, here are the free cybersecurity awareness training solutions available today.
Comparison of Free Cybersecurity Training Programs
Varonis Internet Security Basics
Varonis is a software company with a security software platform that allows organizations to track, visualize, analyze, and protect unstructured data. They also have a video series to educate viewers on the security risks they face online. It is meant for anyone with a basic familiarity with computers, web browsers, and mobile devices.
Troy Hunt, a world-renowned internet security specialist, delivers this content. To no one’s surprise it is, hands down, the best content you can get for free. Useful topics are covered and the advice they give is excellent.
However, the content is exclusively limited to videos. It’s not a full LMS. It offers no other features, which makes it much harder to incorporate into a training program.
Wizer Free Security Awareness Simply Explained
Wizer is a full LMS. It has videos, quizzes, administration tools – the works. It offers a lot of value for (no) money.
The videos are fun to watch, they are short and playback speeds can be set (so go ahead and put them on 1.25 or 1.5 speed like you would an audiobook or podcast). The platform will make sure that the users don’t skip anything, watch the entire video, and take the quiz.
Administrators can specify deadlines to complete the training, can send follow-up reminders to the team, and keep track of their progress. They also issue a little completion certificate once you complete your training.
Unfortunately, not all of the advice is actually good. For example, the program recommends using passphrases like “correct horse battery staple” for passwords. This is not advisable, as we have discussed in the past.
There is also a premium version, which unlocks more tools for the LMS and gives you more content. But it doesn’t change the quality of the advice already there.
ESET Basic Cybersecurity Awareness Training
ESET is an internet security company that offers anti-virus and firewall products. They also provide on-demand cybersecurity awareness training – 60 minutes of training content for free.
Videos cover all the basic topics like threat overview, password security, web protection, social engineering, and email protection. The content covers the topics as well as can be done in just 60 minutes of free training.
The videos don’t have speed control, which is not a big problem, but users can skip the video and go directly to the quiz, and the quiz is like one question. Don’t rely on the provided quiz if you want to measure the effectiveness!
The free solution only gives you the cybersecurity awareness training content and best practices for remote employees. Like with Wizer, there is a paid version available which gives access to 30 extra minutes of content and some basic management features.
Udemy Certified Secure Netizen
Udemy is more popularly known for being a self-paced online learning and teaching marketplace aimed at professional adults and students. One of their free course offerings is “Cyber Security Course for Beginners – Level 1.”
This course is not marketed as employee cybersecurity awareness content but provides a wide overview of cybersecurity concepts and practices. The language used is simple and focuses on making non-technical users understand the realm of cybersecurity.
This is not a Learning Management System and offers no program management or ways to measure effectiveness.
Udemy’s cybersecurity awareness course may be more suited for non-technical netizens and may not be ideal for company-wide cybersecurity awareness training. It could be useful to get individual employees up-to-speed if they are completely unfamiliar with online safety.
Something is better than nothing.
Cybersecurity awareness training reduces the risk of your company experiencing a data breach, and every single company should incorporate training of some sort into their program.
We highly recommend picking a paid program. They almost always offer superior content, and having great management tools on hand will vastly improve your experience and make the training much more effective.
If you don’t have the budget for a paid program, one of these free options is better than nothing. Pick one, run the training, and evaluate what worked and what didn’t work – both from a user-experience and a management viewpoint. This will help guide you to pick a paid program that is the best fit for your needs when you can budget for it.
Social engineering is the cyberattack tool of the century, from phishing emails to spoofed phone calls and physical breaches. This makes it important for every organization to train their employees in some way, shape, or form. It is necessary to create a culture of security, to instill in everyone the beliefs, values, and attitudes that would steer behaviors to protect and defend the organization from cyberattacks.
Training programs can help make cybersecurity awareness as much a part of your company’s culture as coffee breaks. Security might not feel as essential as a flowing supply of coffee is for your business’s success, but it’s up there. We promise.