Welcome back to week 1 of cyber security awareness month with Secure Sense! Cyber Security Awareness month is a great time to review your cyber security policies with your organization and ensure that your staff are well versed in their training. In 2021, 82% of security breaches occurred through social engineering tactics, making human error the most common cause of breaches. We can combat this by properly training our employees to have good awareness of security hygiene and suspicious activity. Today we will be discussing best practices, training, and how your managed service provider can help.

Every employee should have cyber security training

Hopefully, all organizations have controls in place that are critical to an effective security posture, such as governance policies, firewalls, antivirus, logging/monitoring, etc. However, phishing attempts and other social engineering techniques can reward attackers with credentials that allow them to bypass layers of expensive protection simply by sending an employee an email or talking to them. Typical security awareness training modules cover many topics, including password hygiene, wi-fi best practices, social engineering, and reporting cyber threats. Let’s review:

Password hygiene

When training your staff on password hygiene and best practices, there are a few main tips they should learn:

Wi-fi Best Practices

When training your employees, especially when they’re working from home or remotely, ensure they are aware of wi-fi best practices and have access to a VPN. Training should include the following:

Social engineering

Your training should include information and examples of social engineering tactics and ransomware attacks. These attacks often occur after an employee or user opens or clicks an infected attachment or URL. When these infected links are opened, the ransomware is installed on the user’s computer and begins to either encrypt their files or simply lock their screen, effectively holding that data hostage.

Ensure your employees know how their devices become vulnerable. Phishing emails and malicious attachments and links that install ransomware directly onto a device are a major way attackers can wreak havoc, and all employees should be well aware of these types of attacks. Devices can be especially vulnerable if they aren’t updated with the latest software security patches, run outdated/unsupported operating systems, or do not have anti-malware installed to help detect and stop ransomware. We will be talking more about patching later this month, so be sure to keep checking back to the blog to learn more!

Common phishing email traits to train your employees on include:

Using real-world examples of phishing emails is a great way to show your staff what to avoid. Run through a series of phishing emails and regular emails to ensure they are able to distinguish between the two.

Tools and Services from your MSSP that can help

When creating your cyber security training program for your staff, you should always be able to look to your managed service provider for guidance on how to implement training, as well as how to generate intelligence from this initiative in order to leverage data and feedback for further improvement—not just of training, but of your security posture in general. Looking for a managed service provider that offers training as either part of their service or as an additional service has many benefits for security awareness.

Reporting scams is everyone’s responsibility

Employees should not only be trained on threats and best practices and told to avoid them; they must also know who to talk to if they make a mistake like accidentally clicking a malicious link or giving out sensitive information. Critically, employees need to know who to report their concerns to and feel like they can do so without risk of being shamed, blamed or punished. Give your employees an appropriate point of contact they feel comfortable approaching, whether it’s their manager or the company IT team, and make sure everyone knows this information for when they may need it.

When it comes to cyber security training, the bottom line is that giving regularly updated, annual (at least) training sessions is the right thing to do. Threats are always evolving, bad actors are always developing new tactics, and sometimes everyone needs a refresher course to bring security to the forefront of their thoughts.

Here’s your key phrase: “Social Engineering”

Interested in Chatting with a Security Professional?

Interested in implementing cyber security training but don’t know where to start? Contact us today at or 866-999-7506 and our team of experts can assist in creating your own training program for your organization.

If you missed last week’s blog, check it out here:

Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout.

Why is security awareness important in an organization?

Security awareness training is important as it protects an organization from cyber attacks on the system resulting in data breaches. The primary focus is the prevention of such incidents that lead to loss of brand reputation and financial losses as well.

What are the benefits of security awareness?

Benefits of Security Awareness Training:
Prevent Downtime. Should a breach or other security incident occur, it can be costly and take time to repair and reinstate normal business operations. ...
Ensure Compliance. The amount of regulations businesses must adhere to continues to increase. ...
Improve Customer Confidence.

What is the most important security awareness training?

What are the most important security awareness training topics in 2023?
Phishing attacks.
Removable media.
Passwords and Authentication.
Physical security.
Mobile Device Security.
Working Remotely.
Public Wi-Fi.
Cloud Security.

What is information security importance of information security and its awareness?

It protects the organisation's ability to function. It enables the safe operation of applications implemented on the organisation's IT systems. It protects the data the organisation collects and uses. It safeguards the technology the organisation uses.