Platform

Unify HRM Overview

Platform

Capabilities

Identify: HROC Dashboard
Human Risk Quantification (HRI)

Insights

Benchmarking

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report
Report
Measure progress and ROI of action plans

Board and Executive Reporting

Manager Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

September 13, 2021

Why Once-a-Year Security Training Isn’t Enough

Cybersecurity awareness month is just around the corner, and all over the country, CISOs and security program owners are gearing up for their annual security awareness training. While October is an ideal time for companies to talk with their end users about security, it shouldn’t be the alpha and omega of your security awareness program. Educating your users about cybersecurity for one month out of the year is like only brushing your teeth on Tuesdays (i.e., not consistent enough to be effective).

Realistically, a “Hey, it’s fall, let’s talk security” approach may succeed in getting your users to recognize certain threats, but it’s unlikely to help users build the kind of habits that will minimize your organization’s risk of accidental exposure. Science bears this out: according to a study published in the European Journal of Social Psychology, it takes anywhere from 18 to 254 days to establish a habit, with the average being 66 days.

So, how do you transform your security awareness program from a once-a-year booster shot into a recurring monthly program that helps your users develop smart, lasting habits around cybersecurity?

1. Make safe choices the default.

It’s easier to build habits when you don’t have to consciously think about choosing one action over another. Take a cue from behavioral science and make cybersecurity the default by employing things like MFA, password managers, and zero-trust architecture at the enterprise level.

2. Frame security as part of the company culture.

High-performance workplaces focus on values, not compliance. Make cybersecurity an ideal to live up to instead of a rule to be followed (with the implied threat of “or else”). This shifts the conversation from telling users what they can’t or shouldn’t do to empowering them to make smart decisions.

3. Appeal to social norms.

One study showed that hotel guests are more likely to reuse their towels when told that 75% of their fellow guests do so than they are when told that reusing towels is good for the environment. This makes sense: we’re social creatures, after all. We judge our behavior and performance based on what our peers are doing. One way you can use peer pressure to reinforce positive cyber hygiene is by telling them how your training program has impacted other users’ knowledge or behavior. For example, our Fortune 100 telcom client split up their users to test the new Living Security training. The result: those that took the training had a 43% lower click rate on phishing simulations than their peers who didn’t take the training. Be sure to frame your statements in terms of what your users are doing right instead of what they’re doing wrong; people are more likely to continue a negative behavior if they think everyone else is doing it, like in this journal article on the success of managing social norms for persuasive impact. Another way to appeal to social norms is to show your users how their skills stack up against their peers. Our comprehensive security awareness training platform includes a leaderboard (we find that a healthy dash of competition makes training more fun!).

4. Increase retention using microlearning.

Research shows that breaking lessons up into small pieces can improve learners’ interest in and retention of the material. Living Security makes it fun and easy for your users to incorporate security awareness into their schedule with engaging, Netflix-style videos and micro- and nano-lessons.

5. Make every month cybersecurity awareness month.

Consistency is key to building and maintaining habits. That said, it can be hard for program owners to keep up a steady drumbeat of relevant, interesting, fun security awareness content for their users. Our Campaign in a Box solves that problem, instantly improving your security awareness program with a month’s worth of content and education for your end users, pre-packaged and made easy to share across email, Slack, or any communication method that works best for your organization. We launch a new topic every month, allowing you to keep security awareness top of mind all year round.

Want to stay up-to-date on human risk management trends and best practices? Download the 7 Essential Trends Of Human Risk Management for 2021 guide today.