Awareness is life

By albert
4 Jun 2019

Did you know that most of cybersecurity breaches are due to human error?

Social engineering is a current favourite tactic among cyber criminals—the psychological manipulation of victims to convince them to perform actions or divulge confidential information with malicious purposes.

95% of cyber attacks are a result of phishing scams. Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

Malware is a constant threat, with people downloading apps or software that is designed to compromise their devices or provide network access to hackers.

In the end, why would I want to invest a huge time trying to hack a system when I can convince an employee to surrender his password and access all the information easily?

Who hasn’t received an e-mail faking the CEO of your Company asking for a bank transfer, or asking you to download a suspicious file? Here an example:

Your employees are your first line of defence against cybercrime. That’s where cyber security awareness training comes into play. You have to ensure your employees are equipped with the knowledge and skills they need to protect themselves from criminal elements.

Any employee with access to a work-related computer or mobile device should undergo thorough cyber security awareness training. This means pretty much everyone, because anyone with a device can be targeted.

By bringing cyber security awareness and training to all your employees, you increase the chances of detecting an attack before it is fully perpetrated, leading to minimizing damage to your brand and reducing the cost of recovery.

Don’t purchase an off-the-shelf awareness training module/web course, it is highly recommended to invest in a tailored cyber security awareness training created by professionals that work directly with your Company, increasing effectivity.

Various channels are recommended, combining e-learnings, presential trainings for key departments and different awareness materials (security cards, posters, awareness emails, quizzes… the possibilities are infinite!)

Give simple but effective messages, highlight key concepts and ensure that the language used is understandable by the target public.

Here you have several short tips on how to perform a good cyber security awareness campaign:

  • Identify cybersecurity awareness needs – Identify each employee’s roles and responsibilities. Tailor your trainings focusing on countermeasures related to real, possible threats to your infrastructure/data.
  • Highlight weaknesses – Make everybody aware of the human role in the cybersecurity chain. In the end the highest vulnerability in the cybersecurity world is the human being.
  • Executive management approval and support – Make sure executive management supports and promotes cybersecurity awareness.
  • Tailor the program – Do not show generic trainings, customise them as possible to the different target employees
  • Involve all the Company – Everybody is related to cybersecurity, everybody should be aware of it
  • Establish accountability – Security Office is not the responsible for cybersecurity in the Company. Each and every employee is!
  • Be practical – Use real life examples, involve the attendees in practical exercises, tests etc. Don’t make it a monologue!
  • Update! – Make sure your training materials are updated, cybersecurity is a constantly changing world, awareness should be adapted to that rhythm
  • Feedback – Ask employees for feedback, in order to be able to improve the effectivity of your cybersecurity awareness campaigns

And if you are an employee, remember… SEC_RITY is not complete without U!

Author: Guillermo Sánchez

Comments are closed.