
The Ins and Outs of Security Awareness Training

By Tim Brown
18 March, 2019

One of your customers’ employees logs into their computer. They get an email from someone claiming to be their IT service provider, saying they must reset their password immediately (even though there wasn’t any warning beforehand). They click a link without checking the destination URL, go to a phishing site, and enter the credentials for their email. The criminal now has access to their email credentials and starts a spear-phishing campaign. 

This scenario could have been avoided with a little caution. Solid security awareness training should have helped this employee think twice. Unfortunately, many businesses see training as a box they have to check for compliance. Employees often walk away and forget the training. 

As a managed services provider (MSP), you can’t afford to be like most businesses. You must make these trainings as memorable as possible so employees remember what they have been taught. Beyond the security benefit, strong training helps reinforce your MSP brand and demonstrate the value you bring to the table. 

Today, I’ll talk about what to include in security training. Just as important, I’ll talk about how to cover these topics. 

The nuts and bolts of security awareness training

Before I get into the “how,” let’s talk about the “what.” 

First, decide the level of training you must give to your clients, and tailor your presentations appropriately. In some cases, you’ll focus on compliance issues like HIPAA, PCI DSS, SOX, or GDPR. In other cases, you simply need to teach users good security policies. 

Regardless, most trainings should include at least the following: 

  • Phishing and social engineering: Users need to learn how to recognize phishing scams. Teach them to exercise caution around emails or websites that seem suspicious. In the example at the beginning of this post, the employee should have double-checked the email domain before clicking the link to make sure it really came from their MSP. There are other signs as well—they could have looked for bad grammar or misspellings, and they should have immediately been suspicious that someone was asking for their user credentials. Make sure to cover these signs of phishing to keep users safe.
  • Password policies: Cover the importance of password strength and explain what makes a password strong. Remind users never to write a password down or store it in plain text. Tell them to avoid reusing passwords across services. Additionally, you may want to show them how to enable two-factor authentication (2FA). While covering passwords and authentication, part of your job is persuading users that the inconvenience of 2FA or complex passwords is worth it. They’re small prices to pay for protecting the business (and its employees) from data breaches.
  • Device policies: Discuss the rules around fair use and how to properly secure and store devices. For example, make sure employees don’t leave their machines unlocked when they leave their desks. 
  • Physical security: Remind employees to keep unknown people out of the building. In fact, even if they know the person, they should make sure that person has a badge (to avoid a disgruntled employee starting a malicious insider attack). Remind them not to leave devices unattended in unsafe areas (like leaving their laptops on the ground while in the airport or sitting in open view in the car). Additionally, remind them never to leave sensitive data out in the open, such as printed forms with sensitive data sitting on their desks.

There are certainly more areas to cover. However, these should get you started. 

How to make training engaging

Training employees is one thing; helping them retain information is another. You’re aiming not just for knowledge here—you want behavioral change. 

First, consider going on site to offer the training rather than doing it online. For starters, it’s a great opportunity for you to reinforce your brand and the value you provide to customers. But more importantly, you get to engage the audience in person, make sure people pay attention, and help reinforce the concepts. If people don’t seem to truly understand the content, you can adapt your explanation.

Second, don’t lecture—involve the group. This can reinforce learning. Ask questions about the training, and consider offering rewards for participation (like a branded giveaway). 

One interesting tip—ask the group to explain what you’ve taught in their own words. This can reinforce retention, and it also gives you real-time feedback on your audience’s understanding. You can correct misunderstandings, help your audience learn more efficiently, and also get tips on how to improve. 

Additionally, try to use real-life examples to reinforce concepts. The language that you use really makes a difference. A 20-year-old may be more concerned with their social media account being hacked than with their retirement account.

Finally, have handouts and leave-behinds ready to go. Posters and reminder cards may be old school, but they really do work to create a culture of security. This can also be a great branding opportunity for your MSP.

Security training: more than a checkmark

Many companies hold trainings only to protect themselves from liability or to meet a compliance goal, but service providers need to go beyond this. People are often the weak link. Employees make mistakes that expose organizations. As a service provider, you must do your best to not only offer security trainings but make them engaging so your customers’ employees retain the information and, hopefully, think twice before putting the company at risk.


Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics. 
