Security Awareness Training
Chuck's Cyber Wall
In business or at home, Security Awareness Training is the best way to strengthen your cybersecurity posture. But what does that really mean?
Okay, storytime. Growing up in small-town America, my little brother and I were taught to look both ways when crossing the street, not to talk to strangers, and never to fight in the house. Our parents wanted us to be safe and understand that our actions had consequences. Sure, I tackled him off the couch, and he dropkicked me into a wall, so we made mistakes, but we were both well aware of the months-long punishments coming our way.
When it comes down to it, cybersecurity professionals are trying to do the same thing – keep us all safe. People are going to make mistakes; it’s going to happen, but it shouldn’t be because they don’t know better. The first step every organization must take to be secure is acknowledging that employees are the weakest security link. One constant in cybersecurity is that Aware Employees are the first and best line of defense against attacks.
Much like when our parents sat us down to explain (again) why we shouldn’t fight in the house, Cybersecurity Awareness Training involves consistent and ongoing discussions about current threats and how to recognize them.
WHAT IS SECURITY AWARENESS TRAINING?
The goal is to provide every employee – and really everyone who uses the internet – with a fundamental understanding that hackers are actively trying to steal your information. No matter where you are on the corporate ladder or how unimportant you think your information might be, your information has value on the dark web. Hackers attack organizations at every level looking for data on employees, customers, vendors – literally anyone. No one is safe from them.
And yet, 1 in 3 people don’t even consider security while on the internet, which includes people working from home.
A successful Security Awareness Training program includes clear policies, consistent and repetitive instruction with every employee, and at least weekly discussions of current security threats or best practices.
BIGGEST THREATS TO NORMAL PEOPLE
When it comes to Security Awareness, there are levels. No one expects the average user to understand how to configure firewalls, secure an email server, or monitor a network – these are things network admins are paid to handle. Except, it only takes one person not paying attention and clicking on a malicious link to undo all that work. It takes teamwork to be secure. We all play a part.
Here are some things that everyone can watch out for to keep business and personal information safe from attack.
- Spam – this can include email, instant messages, and social network activities including, but not limited to, invitations, games, shared posts, and especially quizzes – spam is now one of the primary methods of attack via social media
- Social Engineering – a practice that is much simpler than it seems, it is typically a one-on-one attack where one person fools another into revealing information or granting access to a specific resource, such as scammers pretending to be from tech support
- Phishing – using an email or text message that looks genuine to trick people into clicking on a malicious link that installs malware, giving up credentials, or revealing personally identifiable and financial information
- Spear Phishing – a targeted attack on a specific individual or position using a fake email that reads like an actual email from a friend, colleague, or superior with specific instructions, such as sending money, providing information, granting access, etc.
- Malware – any software designed to cause harm to a device or network – such as viruses, spyware, worms, etc. – historically, their goal has been to cripple organizations, but with so many working and learning from home, home networks have grown into a prime target
- Ransomware – used by attackers to encrypt and/or steal information to extort money, ransomware attacks on organizations and home users are at an all-time high, with more advanced attacks now capable of seeking out specific types of data, including personal picture and movie files
SECURITY AWARENESS TRAINING ITEMS
No one wants to be hacked. Identity theft can be devastating. Data breaches can cause businesses to shut down. We all have a vested interest in keeping cybercriminals out, and there are best practices that will help, so it is imperative we include them in Security Awareness Training.
- Use Strong Passwords – a memorable phrase that’s at least 16 characters long with letters and numbers or symbols, e.g., wecanB$ecurein2020, 1kitteniscute2rnutz
- Never Reuse the Same Password – it could take weeks to find out about a hack, and in that time, one stolen reused password could compromise all your accounts
- Pay Attention to Emails – phishing and spam emails might look legitimate, but there are clues: odd email addresses, out-of-character requests, a false sense of urgency, etc.
- Don’t Give Away Personal Information – people like to talk about themselves, but we also use our favorite bands, foods, or pet’s names to answer security questions – be careful what you share and with whom
- Always be Skeptical – we all know by now that if it seems too good to be true, it probably is; by that same token, if something feels off, it’s probably best to avoid it or at least open a new tab, start a new email, or pick up the phone and check
- Embrace Security – having a positive attitude toward cybersecurity makes it a lot easier to be aware of and practice good security
The goal is to keep everyone safe on the internet by being Aware of the threats out there. In so doing, we keep our business data and personal information safe, and with luck, no one gets dropkicked into a wall.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com