For most people, the idea of security breaches coming into a system starts with malevolent, highly-skilled hackers breaking through security measures with a typing speed that borders on the mechanically impossible. But a new report from security training firm KnowBe4 says that, for the most part, hackers can be stopped at the gates by just being aware of and working against a few dangerous behaviors in the workplace.

KnowBe4, who deals mainly in security awareness training at last report, put together an analysis of 372 separate companies that shows just what kind of impact the right kind of training can have on employees when it's put to use. The study in question ran for 12 months, and focused on 291,000 end points, beginning with a baseline figure of 15.9 percent of employees that were what was called “phish-prone,” or likely to engage in risky behaviors like clicking on phishing links in e-mail and the like.

The effects of applying KnowBe4's training, meanwhile, were substantial to say the least. With the aforementioned baseline of 15.9 percent established, the use of training methods dropped the average down to 1.28 percent. That's certainly good news in an era in which phishing techniques and similar social engineering traps are becoming not only more widely used, but also of a higher overall quality and thus more likely to prove effective at getting the access the phishers want. Plus, KnowBe4 doesn't just train and leave; there are also frequent refresher courses used in the form of customizable emails that can be sent to users to make sure the methods taught are sticking with the recipients of the emails, and if said methods aren't taking hold, remedial training can be provided on the spot.

Supplementing KnowBe4's training is the Kevin Mitnick Security Awareness Training 2014 tool, a system that offers several different templates as well as an array of customization options to help users get better acquainted with important points of online safety. The system offers up several interactive case studies, demonstration videos, and brief tests to help ensure that the lessons are taking hold accordingly. Companies can even request a free phishing security test in order to determine how many employees in the business might be susceptible to the phishing attack.

Phishing attacks are particularly insidious as such attacks often look perfectly legitimate, which makes spotting a phishing attack particularly difficult even for experienced users. Having a way to protect against these attacks can go a long way in terms of preventing many common breaches, so a training program designed to help users spot at least some phishing attacks will reduce the likelihood that a phishing attack actually succeeds. There's no way to prevent all attacks—even the most hardened systems have some measure of weakness involved—but working to prevent as many of these attacks as possible will have some terrific bottom-line ramifications as IT staff can be working on other problems instead of trying to fix those caused by a phishing attack.

KnowBe4's system should prove very useful for businesses wanting a way to better protect a system. It won't be a silver bullet solution, but even one attack prevented is one less attack that has to be cleaned up after and otherwise dealt with. It's a great part of a better overall security system, and should be treated accordingly.