You’ve seen the stats. You’ve
heard the stories. You’ve talked with other leaders. Now, you’re ready to take
your security awareness and training program to the next level. But which
topics should be added or improved upon? Start by checking the depth and quality
of your social-engineering curriculum.
reported in 2018 that “Companies are nearly three times more likely to get breached by social attacks
(phishing, pretexting, Business Email Compromise or BEC) than via actual
vulnerabilities.” Remember that effective education includes teaching
employees how to scrutinize the spelling, grammar and syntax of URLs and web
domains. Unfortunately, malware injections usually accompany an email attack
for a crippling 1-2 punch. Last year, nearly 93% of malware payloads, including
ransomware, arrived via email.

BYOD policies and practices–the extent to which employees are allowed to access
company networks via personally owned devices–is another essential topic for
training. Though there’s no universally applicable solution, BYOD definitely
deserves a place in your security-training curriculum.

Other worthy subjects include:

Your clean desk policy. Sensitive information kept on paper scraps and sticky
notes leaves networks vulnerable to thieving hands and prying eyes.

Data management. Explaining the types and significance of sensitive data your
firm handles can be a real eye-opener (and behavior-changer) for many employees.

Wherever you choose to expand or improve, remember that cyber training is not a
one-and-done proposition. Real, ongoing protection requires instilling a
‘security first’ mindset, which starts with regular education and reminders.

Need cyber training support? Call TeamLogic IT.