Security Awareness Training
Overview
The Awareness Training module helps you educate employees on security best practices. Deploy interactive training courses, track completion, and build a security-conscious culture.
Why Security Training?
The Impact
- Trained employees are 70% less likely to fall for phishing
- Regular training maintains awareness over time
- Compliance requirements often mandate security training
- Culture building through consistent education
Training Programs
What's a Training Program?
A training program is a collection of courses assigned to employees:
- Onboarding Training - New hire security basics
- Annual Refresher - Yearly compliance training
- Role-Specific - Training for specific roles (IT, Finance)
- Remediation - Additional training after phishing failures
Creating a Program
- Navigate to Employees → Awareness Training
- Click Create Program
- Configure:
- Program name
- Description
- Target audience (groups or all employees)
- Courses included
- Due date
- Save and activate
Training Courses
Available Courses
| Category | Courses |
|---|---|
| Phishing | Email security, link safety, attachment handling |
| Passwords | Strong passwords, MFA, password managers |
| Data Security | Data classification, handling sensitive data |
| Physical Security | Clean desk, visitor policies, tailgating |
| Social Engineering | Pretexting, vishing, impersonation |
| Remote Work | Home office security, public WiFi |
| Compliance | GDPR, HIPAA, PCI awareness |
Course Features
- Interactive Modules - Engaging content, not just slides
- Knowledge Checks - Quizzes throughout
- Final Assessment - Test comprehension
- Completion Certificate - Proof of training
- Multi-Language - Available in multiple languages
Assigning Training
Assignment Methods
| Method | Use Case |
|---|---|
| By Program | Assign program to groups |
| By Course | Individual course assignment |
| By Employee | Specific employee assignment |
| Auto-Assignment | New hires automatically enrolled |
Creating Assignments
- Open training program or course
- Click Assign
- Select:
- All employees
- Specific groups
- Individual employees
- Set due date
- Confirm assignment
Auto-Assignment
Configure automatic assignment for new hires:
- Go to Settings → Auto-Assignment
- Select program to assign
- Set timing (immediately, after X days)
- Enable
Tracking Progress
Dashboard Metrics
| Metric | Description |
|---|---|
| Assigned | Total assignments |
| Completed | Successfully finished |
| In Progress | Started but not finished |
| Not Started | Haven't begun |
| Overdue | Past due date |
Completion Criteria
Training is complete when:
- All modules viewed
- Knowledge checks passed
- Final assessment passed (if required)
- Minimum score achieved
Individual Progress
View employee training status:
- Courses assigned
- Current progress
- Completion dates
- Assessment scores
Reminders and Escalation
Reminder Configuration
Set up automatic reminders:
| Reminder Type | Timing |
|---|---|
| Initial | When assigned |
| Progress | If not started after X days |
| Due Soon | X days before due date |
| Overdue | After due date passed |
Customizing Reminders
- Go to Settings → Reminders
- Configure timing and frequency
- Customize email template
- Enable/disable reminders
Manager Escalation
Escalate to managers for non-compliance:
- Set escalation threshold (days overdue)
- Manager receives notification
- Track escalation in reports
Assessment and Certification
Assessments
Configure assessment requirements:
- Passing Score - Minimum to pass (e.g., 80%)
- Retakes - Number of retake attempts
- Time Limit - Assessment time limit
- Question Randomization - Random question order
Certificates
Upon completion:
- Certificate automatically generated
- Employee can download certificate
- Stored for compliance records
- Includes completion date and score
Reporting
Training Reports
Generate reports showing:
- Completion Summary - Overall completion rates
- By Department - Department comparisons
- By Course - Course-specific metrics
- Individual - Employee-level detail
- Trend - Completion over time
Export Options
- PDF - Formatted report
- Excel - Data for analysis
- Evidence Package - For compliance audits
Compliance Evidence
Training records serve as compliance evidence:
| Framework | Requirement |
|---|---|
| SOC 2 | CC1.4, CC1.5 |
| ISO 27001 | A.7.2.2 |
| HIPAA | §164.308(a)(5) |
Best Practices
Keep Training Short
Micro-learning is more effective. 10-15 minute modules have higher completion rates.
Make It Relevant
Tailor training to job roles. Finance should learn about invoice fraud; IT about system security.
Train Continuously
Annual training isn't enough. Regular micro-training maintains awareness year-round.
Follow Up on Failures
Phishing failures should trigger additional training, not just penalties.