How Often Do You Need to Train Staff on Cybersecurity Awareness?

Did you know that a four-month frequency is the sweet spot for staff security awareness training?

People can’t change behaviors if training isn’t reinforced regularly

One-a-year cybersecurity awareness training isn’t enough to create a culture of cybersecurity.


So, how often is often enough to improve your team’s cyber hygiene?


It turns out that training every four months is the “sweet spot” when it comes to seeing consistent results.

What to Train Employees On to Develop a Cybersecure Culture

  • Phishing by Email, Text & Social Media
  • Data Security
  • Password Security
  • Mobile Phone Security

There was a study presented at the USENIX SOUPS security conference recently. It looked at training on phishing awareness and IT security.
Employees took phishing identification tests at several different times:


  • 4-months
  • 6-months
  • 8-months
  • 10-months
  • 12-months

The study found that four months after their training scores were good. Employees were still able to accurately identify and avoid clicking on phishing emails. But after 6-months, their scores continued to decline the more months that passed after their initial training.


They needed to train and refresh staff to keep them well prepared.

To ensure everyone understands the need to protect sensitive data you need to create a cybersecure culture. In addition to avoiding phishing scams, and keeping passwords secure.


According to the 2021 Sophos Threat Report. One of the biggest threats to network security is a lack of good security practices.

The report states the following,

“A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Well-trained staff significantly reduce a company’s risk. They reduce the chance of falling victim to any number of different online attacks.



Here are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan:

  • Self-service videos that get emailed once per month
  • Team-based workshops
  • Security “Tip of the Week” in company newsletters
  • Training session given by an IT professional
  • Simulated phishing tests
  • Cybersecurity posters in common areas
  • Celebrate Cybersecurity Awareness Month in October

When conducting training, phishing is a big topic to cover, but it’s not the only one. Here are some important topics that you want to include in your mix of awareness training.

Employees must know what these look like, so they can avoid falling for these sinister scams. Email phishing is still the most prevalent form. But SMS phishing (“smishing”) and phishing over social media are both growing. Talk to Orbitel about a simulated phishing test we can run for your employees.

Credential theft is now the #1 cause of data breaches globally. This makes it a topic that is critical to address with your team. Discuss the need to keep passwords secure and the use of strong passwords. By using a password manager, you minimize the risks.

Mobile devices are now used for a large part of the workload in a typical office. They’re handy for reading and replying to an email from anywhere. Most companies will not even consider using software these days if it doesn’t have a great mobile app.


Review security needs for employee devices that access business data and apps. Such as keeping it properly updated and securing the phone with a passcode.

Data privacy regulations are something else that has been rising over the years. Most companies have more than one data privacy regulation requiring compliance.


Train employees on proper data handling and security procedures. This reduces the risk you’ll fall victim to a data leak or breach that can end up in a costly compliance penalty.

1 in 5 organizations had an account compromised in 2021

Various strategies can help protect small businesses from the activities of hackers. At Orbitel Technologies, we employ multiple techniques to secure your business.


Contact us to schedule a free IT Security Review.

Article used with permission from The Technology Press.

Orbitel Technologies

If you’d like to find out more about our managed service offerings. Get in touch, talk to a specialist today!


614a Marion Road, Park Holme 5043