Security Awareness Training

Introduction

Companies use security awareness training to ensure that employees understand and follow the practices that keep an organization secure. This training is designed to help users and employees understand the role they play in preventing information security breaches.

Effective security awareness training helps employees understand proper cyber hygiene, the security risks associated with their actions, and how to identify cyber attacks they may encounter via email and the web.

The outcome of an effective security awareness training program should provide an end user with:

  1. Knowledge of information security best practices.
  2. The security risks associated with improper actions.
  3. How to identify cyber attacks that could be encountered via email and the web.

Why use Security Awareness Training?

Research suggests that more than 90% of security breaches are caused by human error. Security awareness training is proven to help companies minimize risk by preventing the loss of data, money, and/or brand reputation.

An effective awareness training program addresses the InfoSec mistakes that employees may make while:

  1. Using email
  2. Using websites
  3. In the physical world (such as tailgating, lack of authentication, or improper document disposal).

Performing Security Awareness Training

For training to stick, it needs to be persistent: delivered regularly in small doses that fit employees’ busy schedules. Most importantly, positive reinforcement and humor perform better than fear-based or boring messaging at improving retention of critical security topics.

Ineffective programs deliver training in one-off sessions that overwhelm users with forgettable information.

Phishing tests

Phishing attacks are a frequently used attack vector. A fantastic way to test your employees is to set up a simulated phishing email campaign.

Many tools provide templates which allow you to quickly create phony emails that look legitimate to an untrained user.

Training best practices

  • Consistent: Employees are far less likely to retain information from a cybersecurity awareness training program if the program is conducted infrequently and requires a large time investment.
  • Fun: Cybersecurity awareness is a journey. Design the training so that it is delivered in a fun and educational way.
  • Educational: End users should feel confident and empowered with their new security skills.

Source: https://vpnoverview.com/internet-safety/business/security-awareness-training/
This post is licensed under CC BY 4.0 by the author.