How the Best Organizations Manage Security Awareness Training Programs


Yawn. I’ve been here for six hours and all I’ve seen so far is someone who cut their finger slicing potatoes and someone who burned themselves trying to fry a turkey. What a lame Thanksgiving. I thought my first time working a holiday at a prestigious hospital would be more eventful than this. Time to play some web games…

CRUD!!! Oh no. No no no no no. I’m in trouble!! I need to call the helpdesk before this gets really bad…

Mistakes like this happen every day and can lead to serious attacks. The scenario above, with the employee playing web games, is based on a true story; fortunately, the ransomware was safely quarantined – unfortunately, the employee was fired.

As humans, sometimes we make poor decisions that lead to malware attacks, or we choose easily deciphered passwords, or maybe we fall victim to a clever phishing scam. These are all things that good security training programs can prevent.

The Importance of Security Awareness Training

We all know that healthcare organizations must provide Security Awareness Training (SAT) so that employees learn how to identify, prevent, and report potential security events, but some programs are more effective than others.

SAT has evolved tremendously over the years. It’s no longer a “check the box” training. The best programs use engaging, personalized storytelling and change human behavior by offering content that’s memorable – because that’s how people remember and retain information best.

A good SAT program is also built to increase adoption and minimize training fatigue. Sitting down for a 30-60 minute training isn’t ideal, so aim for short, 5-7 minute trainings once a month.

Gone Phishing

Even the most robust email filters on the market can’t block everything – phishing emails can still get through. Recurring training is essential so employees can recognize and report potential security threats. Provide training regularly – at least quarterly, but preferably monthly – and make cybersafety part of your organization’s culture. This will instill confidence in employees’ choices and habits, and they’ll feel included in protecting the safety of the entire organization.

At Fortified, our SAT program includes monthly security awareness training and regularly deployed phishing emails (and even text messages) to employees to validate training effectiveness and to help identify areas that may need additional training. Oftentimes, those who take the phishing bait are repeat offenders, so we can provide additional training for those employees.

The Benefits of Managed Security Awareness Training (M-SAT)

Rolling out and managing an effective SAT program is hard and requires a LOT of man-hours – it can be extremely time-consuming and costly when done in-house. Not to mention the strain (and potential turnover) it places on analysts within the organization, who must constantly monitor and administer phishing results and employee reports of possible threats.

Outsourcing SAT is a great way to increase adoption rates, decrease workload, and motivate employees to become engaged in a culture of cybersecurity awareness – all for a fraction of the cost the organization would pay to manage it on their own.

If you’d like more information or want to learn how Fortified can manage your SAT Program, please contact us at: