Creating A Security Awareness Training Program

Does your organization take security seriously? Do your users know how to fend off social engineering attacks? Do your organization's portable devices have data encryption enabled? If you answered "no" or "I don't know" to any of these questions, then your organization is not providing good security awareness training.

Wikipedia defines security awareness as the knowledge and attitude that members of an organization possess regarding the protection of both the physical and information assets of the organization. In a nutshell, loose lips sink ships. That's really what security awareness is all about.

If you are responsible for the information assets of your organization then you should develop and implement a security awareness training program. The goal should be to make your employees conscious of the fact that there are bad people out in the world that want to steal information and damage organizational resources.

Let's look at some tips for creating an effective security awareness training program:

Educate Users on the Types of Real-world Threats They May Encounter

Security awareness training should teach users to recognize social engineering, malware, phishing tactics and the other types of threats they are likely to encounter in their day-to-day work, using realistic examples rather than abstract definitions.

Teach the Art of Password Construction

While many of us know how to create a strong password, there are still many people who don't realize how easy it is to crack a weak one. Explain the process of password cracking and how offline cracking tools work: once an attacker has a copy of the password hashes, they can try dictionary words, common patterns and simple variations (capitalizing a word, appending "123" or "!") at enormous speed, with no lockout to slow them down. Users may not follow all the technical specifics, but they will at least see how quickly a poorly constructed password falls, and this might inspire them to be a little more creative, or simply to use a longer passphrase, the next time they make a new password.
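As an added illustration (not code from the original article), the following Python script shows the mechanics of the offline attack described above: a small dictionary, a handful of mangling rules, and a set of unsalted SHA-256 hashes to compare against. The wordlist, the rules and the three "leaked" target passwords are all constructed for the demo; real cracking tools apply the same idea with leaked wordlists of hundreds of millions of entries, far richer rule sets and GPU acceleration.

```python
"""Offline dictionary + rule attack demo (added example, not from the article).
Wordlist, rules and target passwords are constructed for illustration."""
import hashlib

# Constructed wordlist. Real attackers use leaked lists with millions of entries.
WORDLIST = ["password", "welcome", "summer", "letmein", "dragon", "company"]

# Suffixes and the leet table mimic the kind of rules cracking tools apply.
SUFFIXES = ("", "1", "123", "!", "2024", "1!")
LEET = str.maketrans("aeios", "43105")


def mangle(word):
    """Yield every variant of one wordlist entry that the rules produce."""
    bases = {word, word.capitalize(), word.upper()}
    bases |= {b.translate(LEET) for b in list(bases)}
    seen = set()
    for base in sorted(bases):            # sorted for a deterministic order
        for suffix in SUFFIXES:
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def sha256_hex(text):
    """Unsalted SHA-256, as a system that stores passwords badly might use."""
    return hashlib.sha256(text.encode()).hexdigest()


def crack(target_hashes, wordlist=WORDLIST):
    """Hash every mangled candidate and look it up in the target set.

    Returns (cracked, guesses): cracked maps hash -> recovered plaintext,
    guesses is how many candidates were hashed before stopping.
    """
    remaining = set(target_hashes)
    cracked = {}
    guesses = 0
    for word in wordlist:
        for cand in mangle(word):
            guesses += 1
            digest = sha256_hex(cand)
            if digest in remaining:
                cracked[digest] = cand
                remaining.discard(digest)
                if not remaining:
                    return cracked, guesses
    return cracked, guesses


# Constructed "leaked" hashes: two weak passwords and one long passphrase.
TARGET_PASSWORDS = ["Password123", "welcome1!", "correct horse battery staple"]
TARGET_HASHES = [sha256_hex(p) for p in TARGET_PASSWORDS]


def demo():
    """Run the attack against the constructed hashes and report the outcome."""
    cracked, guesses = crack(TARGET_HASHES)
    for digest in TARGET_HASHES:
        status = f"cracked -> {cracked[digest]}" if digest in cracked else "not cracked"
        print(f"{digest[:12]}...  {status}")
    print(f"{guesses} guesses in total; a GPU rig tries billions per second against SHA-256")
    return cracked, guesses


if __name__ == "__main__":
    demo()
```

Both short passwords fall within a couple of hundred guesses, while the passphrase survives the whole run because no wordlist entry or rule produces it. The same script also makes the defender-side point worth raising in training: the targets here are fast, unsalted hashes, which is exactly what lets an attacker test candidates this cheaply.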

Focus on Information Protection

Many companies tell their employees to avoid discussing company business while they are out at lunch because you never know who might be listening, but they don't always tell them to watch what they say on social media sites. A simple Facebook status update about how mad you are that the product you're working on won't be released on time could be useful to a competitor who sees it, especially if your privacy settings are too permissive. Teach your employees that loose tweets and status updates also sink ships.

Rival companies may troll social media looking for employees of their competition to gain the upper hand on product intelligence and who's working on what. 

Social media is still a relatively new frontier in the business world and many security managers are having a hard time dealing with it. The days of just blocking it at the company firewall are over. Social media is now an integral part of many companies' business models. Educate users on what they should and shouldn't post on Facebook, Twitter, LinkedIn, and other social media sites.

Back Up Your Rules With Potential Consequences

Security policies without teeth aren't worth anything to your organization. Get management buy-in and create clear consequences for user actions or inaction. Users need to know that they have to protect information that is in their possession and do their best to keep it safe from harm.

Make them aware that there are both civil and criminal consequences for divulging sensitive and/or proprietary information, tampering with company resources and other insecure behaviour.

Don't Reinvent the Wheel

You don't have to start from scratch. The National Institute of Standards and Technology (NIST) has written a guide on how to develop a security awareness training program, and best of all, it's free to download. NIST's Special Publication, Building an Information Technology Security Awareness and Training Program, is helpful in learning how to build your own.

Stacie Orlandi is a professional essay writer for reddit

