What Is A Good Security Awareness Training Solution For a Small Company

egrizzly

The new startup I work for has less than 100 employees guys. We've been hunting for a convenient security awareness training solution.  Can you all recommend one that is easy and affordable? 

Again, it's a company with less than 100 employees.  Thanks in advance for the participation, comments, and tips guys.

SteveLavoie

I am working with a small partner in Quebec, Canada, their training is web based and available in french and english (among other language). Price is affordable  https://www.kereon.com/security-awareness-program/?lang=en

Their training solution is well liked among my customer (most are under 100 employees)

Neil86

I'm not very experienced in this, but at my previous employer we used KnowBe4. We received good feedback from staff that they enjoyed the training videos and the phishing campaigns we implemented. It was my first experience playing a role in security awareness training and I enjoyed it a lot. I found it very easy to use too. Can't comment on affordability, though. I do remember we were able to offer English and Spanish versions.

https://www.knowbe4.com/

stryder144

The startup I was working for, at less than 50 employees, was looking for training like this.  We found KnowBe4 to be the most affordable along with having an extensive catalog.

UnixGuy

I used wombat security in the past...good enough, gets the job done

egrizzly

Oh, wow. These are all good suggestions. I consider my search done.  Thanks a mil guys.

JDMurray

Just make sure the written security policies of your business are in alignment with the information presented in whatever training material you provide to your employees.

stryder144

JDMurray said:

Just make sure the written security policies of your business are in alignment with the information presented in whatever training material you provide to your employees.

That is a great point, one I failed to consider when recommending KnowBe4.  Nothing worse than either the training not aligning or there being some unenforceable provision in the security policy.

LonerVamp

What are you looking for when it comes to security awareness training? Tracking completion or some other form of assessment? Polished video content? If you're tracking completion, what is the driver? Regulation, policies? If someone refuses to take it, do they get fired or any punishment at all?

I mean, with 100 persons, you could require they attend a 30-60-minute training talk that you lead. Track attendance in Excel. Done. This keeps things entirely tailored to your needs, policies, and requirements. You could even publish your own PPT/PDF, and there are sites that let you do testing, much like ad hoc surveys with SurveyMonkey. (I wish I could remember what I've used in the past, but alas...)

I guess my point is, don't make this too crazy and don't spend money if you don't need to. A startup with 100 emps...I'd love to spend that money somewhere else.

Infosec_Sam

Hey there, @egrizzly! If you're still looking for an awareness solution, I'd encourage you to also check out Infosec IQ! We have a huge library of content, both on the awareness education side and the phishing simulation side. We actually just released a new campaign kit the other day in our Resource Center, which we're really proud of - you should check it out! And feel free to reach out if you have any questions!