17 July 2024 • Cyber security
There are multiple good reasons to do an annual security awareness refresher with your colleagues.
For one, many cybersecurity insurances and information security directives require it. On the other hand, it’s simply a good way to remind everybody in your organization of the importance of security awareness.
Below, find a list of the best annual security awareness refreshers.
1. DOD Annual Security Awareness Refresher
The DOD Annual Security Awareness Refresher course has been devised by the US Department of Defence. It’s intended to be used by learners who have already completed training, as a way to keep their knowledge fresh in their minds and to introduce any new threats that have emerged since previous annual security awareness refreshers.
The Security Awareness Refresher is specifically designed to test and ensure an understanding of NISPOM (the National Industrial Security Program Operating Manual), relevant sections of DODM (the Department of Defence manual), and other regulations or laws that might be applicable. While DOD regulations may not be relevant for many organizations, the Annual Security Refresher could be an important tool for organizations that handle information that is covered by the remit of the DOD, including classified and sensitive unclassified information.
It is a web-based course consisting of interactive quizzes and tutorials. If the wrong answer is given on any of the quizzes, the learner must view the tutorial material and try again. Upon completion, the user receives a certificate. The course is free and can be taken by anyone.
Pros:
- Free.
- Thorough and detailed.
- Provides certification.
Cons:
- Designed specifically for the US DOD.
2. Guardey: Duolingo for security awareness
An annual security awareness refresher only takes you so far. It spikes knowledge and awareness for a short while, but before you know it, people fall back into their old patterns.
With Guardey, users get a short micro challenge every week that takes about 3 minutes to complete. In each challenge, they learn a little bit about a specific cybersecurity topic. Because you’re learning every week, you slowly build up knowledge and awareness over time.
Just like Duolingo, Guardey uses gamification to make the learning experience fun. From earning badges to battling for the number one spot on the leaderboard, Guardey keeps users engaged for long periods of time.
And if you still only want that annual refresher? Then use Guardey’s 14-day free trial to simply use it for that.
Pros:
- Free trial.
- Gamification keeps users engaged.
- Can be used for an annual refresher and weekly training.
- Wide variety of topics.
Cons:
- No videos, which can be a con for some organizations.
Start a 14-day free Guardey trial
3. The Cyber Awareness Challenge
Unlike most annual security awareness refreshers, The Cyber Awareness Challenge consists of a browser-based role-play game. In this point-and-click adventure, the learner takes on the role of a hero who must defeat a mysterious adversary using their knowledge of cybersecurity principles and best practices. Players complete missions themed around various areas of cybersecurity, such as social engineering, malicious code, removable media and identity management.
Failing a mission doesn’t mean failing the test — users simply receive instruction on the material and can then retry that mission. To pass the challenge, the user must complete all the missions successfully. Upon completion of all the missions, the user receives a certificate.
The Cyber Awareness Challenge has several points in its favor. It’s free to play and can be accessed by anyone with a web browser. It’s designed to test compliance with regulations affecting various US government departments, but the breadth of the material means that it will be relevant to most organizations. The comic-book art style and game format of the test make it one of the most approachable annual security awareness refreshers. On the downside, this very approachability might make some learners feel a little condescended to.
Pros:
- Free.
- Easy to access.
- Engrossing video game format helps learners feel comfortable.
- In-depth information and testing ensure a high level of understanding.
- Wide-ranging topics mean that this test will be relevant to most organizations.
Cons:
Comic-book style and video game format may feel unprofessional to some.
4. STCW
The STCW Security Awareness course is a specialist course aimed at the maritime industry. STCW (Standards of Training, Certification and Watchkeeping for Seafarers) is a set of qualification standards for people employed on ocean-going vessels. It’s an international standard, meaning that if you’re employed on board a ship, you need to meet STCW requirements. This extends to cybersecurity awareness requirements.
The STCW.online Security Awareness exists to help seafarers meet this need. The course is short, taking around an hour and a half, with a certificate for successful completion. Because it’s designed for seafarers, this test will not be entirely relevant for organizations outside the maritime industry or for staff who don’t work onboard ships.
The STCW.online Security Awareness course covers basic security and security responsibilities, threat identification and emergency preparedness. It also covers important maritime-specific topics like maritime security policy and ship security actions. The course is delivered online, via an interactive slideshow and videos. At the end of the course, the learner is presented with an assessment. There are two versions of the course, one approved by Liberia and accepted in Panama, and one accepted by the Netherlands (EU) and MCA (UK Maritime and Coastguards Agency).
Pros:
- Inexpensive (45 GBP for the Liberia/Panama version and 59 GBP for the Netherlands and MCA version).
- Comprehensive.
- Provides recognized certification for seafarers needing annual security awareness refreshers.
Cons:
- Not free.
- Much of the material is only relevant for seafarers.