You’ve seen the stats. You’ve heard the stories. You’ve talked with other leaders. Now, you’re ready to take your security awareness and training program to the next level. But which topics should be added or improved upon? Start by checking the depth and quality of your social-engineering curriculum.
Verizon reported in 2018 that “Companies are nearly three times more likely to get breached by social attacks (phishing, pretexting, Business Email Compromise or BEC) than via actual vulnerabilities.” Remember that effective education includes teaching employees how to scrutinize the spelling, grammar and syntax of URLs and web domains. Unfortunately, malware injections usually accompany an email attack for a crippling 1-2 punch. Last year, nearly 93% of malware payloads, including ransomware, arrived via email.
BYOD policies and practices (the extent to which employees are allowed to access company networks via personally owned devices) are another essential topic for training. Though there’s no universally applicable solution, BYOD definitely deserves a place in your security-training curriculum.
Other worthy subjects include:
Your clean desk policy. Sensitive information kept on paper scraps and sticky notes leaves networks vulnerable to thieving hands and prying eyes.
Data management. Explaining the types and significance of sensitive data your firm handles can be a real eye-opener (and behavior-changer) for many employees.
Wherever you choose to expand or improve, remember that cyber training is not a one-and-done proposition. Real, ongoing protection requires instilling a ‘security first’ mindset, which starts with regular education and reminders.
Need cyber training support? Call TeamLogic IT.