Growing up in smalltown America, my little brother and I were taught to look both ways when crossing the street, not to talk to strangers, and never to fight in the house. Our parents wanted us to be safe and understand that our actions had consequences. Sure, I tackled him off the couch and he dropkicked me into a wall, so we made mistakes, but we were both well aware of the months-long punishments coming our way.
When it comes down to it, cybersecurity professionals are trying to do the same thing – keep us all safe. People are going to make mistakes, it’s going to happen, but it shouldn’t be because they didn’t know better. The first step every organization must make to be secure is to acknowledge that employees are the weakest security link. The thing about that is, Aware Employees are also the first and best line of defense against cyberattacks.
Much like when our parents sat us down to explain (again) why we shouldn’t fight in the house, Cybersecurity Awareness involves consistent and ongoing Security Training.
What is Security Awareness Training?
The goal is to provide every employee – and really everyone who uses the internet – with a fundamental understanding that hackers are out there actively trying to steal your information. No matter where you are on the corporate ladder or how unimportant you think your information might be, the fact is that hackers will attack organizations at every level and all personal information has value on the dark web. No one is safe from them.
And yet, 1 in 3 people don’t even consider security while on the internet, which includes people currently working from home.
A successful Security Awareness Training program includes clear policies, consistent and repetitive instruction with every employee, and at least weekly discussions of current security threats or best practices.
Biggest Threats to Normal People
When it comes to Security Awareness, there are levels. No one expects the average user to understand how to configure firewalls, secure an email server, or monitor a network – these are things that the network admins are paid to handle. Except that, it only takes one person not paying attention and click on a malicious link to undo all that work. It takes teamwork to be secure. We all play our part.
Here are some things that everyone can watch out for to keep business and personal information safe from the hackers.
- Spam – this can include email, instant messages, and social network activities not limited to invitations, games, shared posts, and especially quizzes – spam is now one of the primary methods of attack via social media
- Social Engineering – a practice that is much more simple than it seems, it is typically a one-on-one attack where one person fools another into revealing information or access to a specific resource, such as admitting over text that you keep a list of passwords in a desk drawer
- Phishing – using an email or text message that looks genuine to trick people into clicking on a malicious link with the goal of installing malware, stealing credentials, or revealing personally identifiable and financial information
- Spear Phishing – a targeted attack on a specific individual or position using a fake email that reads exactly like an actual email from a friend, colleague, or superior with specific instructions, such as sending money, providing information, granting access, etc.
- Malware – any type of software that is designed to cause harm to a device or network – such as viruses, spyware, worms, etc. – historically their goal has been to cripple organizations, but with so many working and learning from home, home networks have grown into a prime target
- Ransomware – used by attackers encrypt and/or steal information to extort money, ransomware attacks on organizations and home users are at an all-time high in 2020, with more advanced attacks now capable of seeking out specific types of data, including personal picture and movie files
No one wants to be hacked. Identity theft can be devastating. Data breaches can cause businesses to shut down. We all have a vested interest in keeping the hackers out and there are things that we all can do to help keep them out.
- Use Strong Passwords – a memorable phrase that’s at least 12 characters long with letters and number/symbols, ie. wecanB$ecurein2020, 1kitteniscute2rnutz
- Never Reuse the Same Password – it could take weeks to find out about a hack, in that time one stolen reused password could compromise all your accounts
- Pay Attention to Emails – phishing and spam emails might look legitimate, but there are clues: wrong email address, out of character request, a false sense of urgency
- Don’t Give Away Personal Information – people like to talk about themselves, but we also use our favorite bands, foods, or pet’s names to answer security questions – be careful what you share and with whom
- Always be Skeptical – we all know by now that if it seems too good to be true, it probably is; by that same token, if something feels off, it’s probably best to avoid it, or at least open a new tab, start a new email, or pick up the phone and check
- Embrace Security – having a positive attitude towards cybersecurity makes it a lot easier to be aware of and practice good security
The goal is to keep everyone safe on the internet by being Aware of the threats out there. In so doing we keep our business data and personal information safe, and with luck, no one gets dropkicked into a wall.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small business, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com