Wednesday, April 15th, 2015

How Security Awareness Training Is Crucial To Your Organisation

So what exactly is Security Awareness Training?

Security awareness training is all about teaching your colleagues and employees to understand the risks and threats of the ever-evolving cyber world. The main purpose is to ensure that these people realise that hackers within organised gangs of cyber criminals will deliberately try to attack, steal, damage or misuse your organisation’s systems and information, and that everyone within the organisation therefore needs to be aware of the associated risks and work to adequately protect the organisation against them.

Security awareness training also ensures that employees are fully awake to the consequences of failing to protect the organisation from outside attackers. Such consequences span from criminal penalties to large scale economic damage to the company and the loss of employment.

What are the topics covered by a typical security awareness training?

Initially, every security awareness training course should start by ensuring that people know who to contact in the event of a security breach, and the appropriate actions to be taken. Once this fundamental factor has been established, the first thing that needs to be done is to make employees aware of the utmost importance of information and system security.

If employees learn to understand why the protection of both business-critical data and systems is important, they will be far more willing to pay extra attention to security best practices, and act on what they have been taught.

Once employees understand why protecting data and systems is crucial, training then needs to make employees aware of exactly which data and systems are deemed confidential and need to be protected. As there are a number of contrasting roles within every organisation, everyone will have a different opinion on which types of information are confidential and which are not, so it is essential that your company’s security awareness training is precise.

Finally, when the employees are fully aware of why securing data is important, and what systems they need to protect, your security awareness training program should highlight the key ways in which attackers can gain entry to your network, and the necessary steps to curtail these risks.

These areas typically include:

  1. Password best practices – why passwords are important, how passwords should be used, common password exploitations, two-factor authentication and how to create strong, memorable passwords.
  2. Email and browser security – how to spot suspicious email messages, modern web browser security features, ability to identify malware/viruses, how phishing is a huge threat and best practices to alleviate the biggest risks.
  3. Social engineering – what social engineering is and how this works, the risks of social engineering attacks, the most commonly used social engineering techniques and methods to protect you from social engineering attacks.
  4. Avoiding malicious downloads – the consequences of deploying malicious downloads, best practices for keeping software updated and installing new applications, ability to identify if a system has been infected with malicious software, web browsing configuration for better security and how to deploy internet/email security software.
  5. Mobile security – the most common threats to mobile devices, how mobile POS (Point of Sale) systems work and the risks they come with, appropriate procedures for cardholder data while using mobile systems, how to ensure that mobile devices are secured and the security risks associated with using personal mobile devices at work, known as BYOD (bring your own device).
  6. Social media security – the best way to use social media, the privacy and security parameters offered by social media, risks of using social media at work and at home, ways to minimise social media hacks and the acceptable use of social media when at work.
  7. Anti-virus and software updates – the function of anti-virus software, methods to keep both software and operating systems up-to-date, how to use Windows Update securely, how to install, configure and update anti-virus software and methods to secure mobile devices as stringently as other devices.
  8. Secure remote working – the most common risks and threats associated with accessing company data and systems while working remotely, the technology and software available to make remote working more secure and protected, how to handle private data when working remotely and what steps to take when mobile devices are lost or stolen.
  9. Physical security – the importance of physical security for both devices and applications, the advantages of using screen privacy protectors, the importance of wearing an identity badge, how to report any violations of physical security and key steps to take if an individual either attempts to breach, or successfully breaches, physical security.
  10. Protecting cardholder data – the function of PCI standards and why compliance is so important, identifying the most sensitive pieces of information on a credit/debit card, determining what and who needs to comply with PCI standards, explanation of how card transactions work and how to handle credit/debit card data in a secure fashion.

Security awareness training is an important process in educating all company employees, and failing to implement a precise program can often result in significantly higher reports of intrusions and ultimately the loss of company data and revenues.

The great thing is that security awareness training can be measured once implemented simply by tracking the number of severe security breaches recorded over a specific time period. Once employees have taken security awareness training, they will become more aware of security best practices and incidents will begin to drop off.

If you are interested in finding out more about our available security training program, contact us today for a free consultation.


    Copyright Smarttech247 - 2021