Threats such as phishing attacks and ransomware are becoming ever more sophisticated. And with an increasing number of people working from home, often beyond the confines of a company-monitored network, cyber security awareness is more important now than ever. Businesses need to do all they can to ensure end-users (employees and often clients as well) are properly trained in online safety. As such, cyber security awareness training has become a must-have for organizations of all shapes and sizes.
Indeed, the global market for cyber security awareness training is worth around $1 billion annually and is growing at a rate of about 13 percent each year. Of course, there isn’t a one-size-fits-all approach to training employees. There are a huge number of companies offering training courses that vary greatly in scope, delivery method, and price. Some are one-time courses, whereas others offer ongoing support which, of course, comes with proportionate costs. Ultimately, it’s important to find the best fit for your unique business.
In this article, we reveal our top recommendations for cyber security awareness courses. These offer everything from free training accessible to anyone to full-fledged integrated systems that provide ongoing training and analysis. If you’re just looking for a brief rundown of what’s available, here’s an at-a-glance look at our featured programs.
Best Cyber Security Awareness Courses:
- Cofense Online Security Awareness Training: Choose a free program or a premium platform with a suite of addons.
- KnowBe4 Kevin Mitnick Security Awareness Training: Awareness and compliance training plus interactive games.
- Webroot Security Awareness Training: Short, easy-to-follow courses plus phishing simulations.
- CybSafe Borderless Security Awareness: Personalized program that uses intelligent technology.
- ESET Cybersecurity Awareness Training: Free and budget-friendly options but no ongoing support.
- Elevate Behavioral Security Platform: Game-based training focused on changing human behavior.
Although not every course meets all of the following criteria, these are the factors we considered when making our selections:
- Covers the most relevant topics
- Is kept up to date
- Offers easily accessible delivery methods
- Provides interactive features such as phishing simulations
- Can be intuitively managed
- Offers good value for money
Cofense offers a range of security awareness training products so packages can be tailored to suit any business. There’s even a free course if you’re on a really tight budget.
CBFree is the no-cost program and is ideal for businesses that can’t stretch to paid courses. The training is made up of 17 awareness modules, including topics such as business email compromise, ransomware, mobile devices, and physical security.
In addition, there are four compliance modules, covering healthcare (for example, HIPAA and HITECH), payment data, personal data, and GDPR. Plus, you get five interactive learning games including a phishing resiliency quiz and reporting exercise.
Each module is around five minutes and includes an optional interactive question and answer section. Cofense has all the bases covered here, so although it’s a short program, employees will get a solid all-around view of cyber security awareness.
Cofense’s core paid program is Cofense PhishMe. This is a phishing simulation designed to provide ongoing learning for employees and change their behavior toward phishing attacks. The company builds on this by offering a suite of add-ons to enhance the program. These include Cofense Reporter, which makes reporting phishing emails as simple as clicking a button, and Cofense Phishing Defense Center, which will analyze user-reported emails.
Many of Cofense’s courses are available in multiple languages.
Price: You’ll need to contact Cofense directly for a full quote, but pricing for Cofense PhishMe starts at around $10 per user per year.
KnowBe4 offers a comprehensive training solution suitable for businesses of all sizes. The program begins with baseline phishing simulation testing to determine the level of awareness of users. Once the “Phish-prone percentage” is determined, training commences, including interactive courses, games, and videos.
Unlimited phishing attacks are built into the program by way of KnowBe4’s highly-regarded phishing simulator. There is a smart component, which means that training and simulations are tailored to each employee’s behavior. Comprehensive reports make the system easy to manage and help to prove its ROI.
One of the allures of the KnowBe4 program is that it’s overseen by Kevin Mitnick. Mitnick is a prominent white-hat hacker who rose to infamy when he was the FBI’s most wanted hacker in the ‘90s. Mitnick now runs his own cybersecurity consulting firm (Mitnick Security Consulting) and acts as KnowBe4’s “Chief Hacking Officer.”
Various tiers of the program are offered: Silver, Gold, Platinum, and Diamond. Which one you choose will depend on how many additional features you require including training level, support tier, and features like smart groups and reporting APIs.
Price: Prices start at $8 per user per year for larger organizations. But for very small businesses (25-50 employees), prices start at $17 per user per year.
Webroot’s cyber security awareness training is designed for businesses that want to ensure all end users (including employees and clients) are doing all they can to ensure the company’s online security.
Standout features of the course delivery include a setup wizard, simulated phishing campaigns, regulatory compliance training, individual participation tracking, and shareable reports.
The Webroot training comprises 90 courses in total that fall into four categories: security, compliance, IT skills, and business skills. Topics covered include social engineering attacks such as phishing, how to spot malware behaviors, effective reporting of threats, policies and best practices, regulation compliance (for example, GDPR and HIPAA), and lots more.
Price: Webroot is offering a free 60-day trial for up to 50 users. You can get a price quote by contacting the sales team directly.
CybSafe is another highly-regarded name in the cyber security awareness training business. Although this is a UK-based company, it offers solutions to businesses across the globe. The cloud-based infrastructure is scalable to businesses of any size.
In its marketing, CybSafe emphasizes that its solutions aren’t your average training courses. Rather, the focus is on changing user behavior through intelligent technology. The most prominent feature is that training is highly personalized. Exercises including refresher tests, activity reminders, and phishing simulations are all tailored based on data points related to the individual user.
The training comprises four main hubs which you can purchase separately or as a discounted bundle:
- Awareness Hub: This houses the core security awareness training as well as awareness tools and up-to-date security news and on-demand advice.
- Behaviour Change Hub: This is where the simulations and personalized interventions come into play. This hub also includes goal settings for security habits and a risk analysis of security behaviors.
- Culture Hub: Use this hub to assess the security culture and analyze the sentiment of the organization, and gain insights at the user level.
- Managed Service Hub: You can add this hub if you want greater control over planning and development. You’ll also get enhanced support, for example, assistance with user onboarding, and comprehensive progress reports.
Price: Example prices for 101–250 users (per user per year) start at $7.53 for the Culture Hub, $19.38 for the Behaviour Change Hub, $15.61 for the Awareness Hub, and $34.02 if you bundle all three. Example pricing is not provided for the Managed Service Hub.
If you’re on a smaller budget and happy with a static program instead of ongoing training, then ESET’s offering could be a good fit. Its basic version is completely free and the premium option forgoes the monthly subscription model in favor of a low one-time payment.
ESET’s free version gives you a fully online cyber security awareness course as well as training in best practices for remote workers. The latter is particularly valuable given the potentially long-term seismic shift to remote work we’re seeing as a result of the pandemic. The course covers the most relevant topics including phishing, email safety, password security, two-factor authentication, general internet safety, and malware.
The premium option provides a more comprehensive service to provoke real behavioral change. It includes interactive games, a dashboard for monitoring user progress, and email reminders to help users stay on track. A certification and LinkedIn badge is also included.
Onboarding and use of this program is very straightforward, so it’s ideal for businesses seeking a no-fuss training solution.
Price: The basic training course is free while the premium option costs $20 per user per year (for a minimum of 10 users).
One thing that makes Elevate Security’s offering stand out from the crowd is that its cyber security awareness program is the company’s sole product. This means it puts all its focus into ensuring it offers a refined, up-to-date training tool.
This is evident when you see the program dashboard. It’s very easy to use and allows administrators to see a comprehensive overview of the entire organization. This is particularly useful for businesses trying to see where their weakest links are.
The program has two main components. “Insights” is the dashboard which allows you to test users‘ via phishing simulations and view performance on a detailed security map.
The “Influence” component focuses on changing user behavior through interactive games and personalized scorecards. Users can view individual performance and undergo tailored training. The gaming aspect makes for some fun, friendly competition to help inspire users to excel.
Price: You’ll need to contact the Elevate Security team directly to get a quote tailored to your business.