Cyber threat actors take advantage of human error, whether intentional or unintentional, to compromise information systems and assets. According to studies, about 9 out of 10 data breaches are caused by organizations' own users, through accidental mistakes, improper sharing of data and misconfiguration of cloud services. The rise of remote work has compounded these issues. When employees use computers on a business network, they must be aware of and avoid potential security risks.
By implementing a security awareness policy, organizations should impose security obligations on employees. Security awareness in the workplace means a proactive approach to the dangers of online and offline threats. To combat human error and mitigate the impact of a breach, regular and ongoing security awareness training for employees about the latest threats to organizations is a must. Depending on their role, different employees should undergo different levels of training.
Levels of Training
- General security awareness for everyone who is part of the network such as employees and contractors.
- Intermediate security awareness for managers and decision makers.
- In-depth security awareness for IT personnel and specialized personnel such as accounting workers.
Security Awareness Training should cover at least the following issues:
- Using only approved software and apps on workplace devices and avoiding malicious software.
- Password management, creating safe passwords, password reuse and multi-factor authentication.
- Working Remotely.
- Deciding what constitutes sensitive information.
- Maintaining the workplace.
- Dealing with emails that contain suspicious web links or scams (e.g., gift card scams).
- Using the internet, social media, and e-mail safely.
- Removable Media.
- Clean desk practices, and storing and disposing of paper-based data.
- Physical security.
- How to identify malicious links and phishing emails.
- Social engineering awareness.
- Emergency situations and incident response.
- Threats of unauthorized access.
- Mobile device security.
- Public Wi-Fi security.
- Transferring sensitive and confidential information.
- Transferring software and files between home and work.
Organizations can deliver training in various ways: via e-mails, videos, memos, notices, games, posters, computer-based training, online and on demand webinars, and in person training. A combination of simulation exercises and general information delivery is recommended.
Management should require all employees and contractors to apply information security in accordance with the established policies and procedures of the organization, and ensure that employees and contractors:
- Are properly briefed on their information security roles and responsibilities prior to being granted access to confidential information or information systems.
- Are provided with guidelines to state information security expectations of their role.
- Are motivated to fulfil the information security policies.
- Have achieved a level of awareness of information security relevant to their roles and responsibilities.
- Are trained on approved applications.
- Are provided with an anonymous reporting channel to report violations of information security policies or procedures.
- Continue to have the appropriate skills and qualifications and are educated on a regular basis.
If employees are aware of the latest threats, they can be an organization's greatest asset. Choosing cybersecurity awareness training for an organization can be a challenge, but the best training is the one that employees will understand, value, and use in their daily activities.
Would you like to learn more about our services? Email [email protected] or call 289-803-9730. We would be happy to share more details about our self-service or fully managed eDiscovery services!