Creating A Security Awareness Training Program

Does your organization take security seriously? Do your users know how to fend off social engineering attacks? Do your organization's portable devices have data encryption enabled? If you answered "no" or "I don't know" to any of these questions, then your organization is not providing good security awareness training.

Wikipedia defines security awareness as the knowledge and attitude that members of an organization possess regarding the protection of both the physical and information assets of the organization. In a nutshell, loose lips sink ships. That's really of what security awareness is all about.

If you are responsible for the information assets of your organization then you should develop and implement a security awareness training program. The goal should be to make your employees conscious of the fact that there are bad people out in the world that want to steal information and damage organizational resources.

Let's look at some tips for creating an effective security awareness training program:

Educate Users on the Types of Real-world Threats They May Encounter

Security awareness training should include educating users on security concepts such as recognizing social engineering attacks, malware attacks, phishing tactics, and other types of threats that they are likely to encounter.

Teach the Art of Password Construction

While many of us know how to create a strong password, there are still many people out there that don't realize how easy it is to crack a weak password. Explain the process of password cracking and how offline cracking tools work. They may not understand all the technical specifics, but they will at least see how easy it is to crack a poorly constructed password and this might inspire them to be a little more creative when it's time for them to make a new password.

Focus on Information Protection

Many companies tell their employees to avoid discussing company business while they are out at lunch because you never know who might be listening, but they don't always tell them to watch what they say on social media sites. A simple Facebook status update about how mad you are that the product you're working on won't be released on time could be useful to a competitor who might see your status post, should your privacy settings be too permissive. Teach your employees that loose tweets and status updates also sink ships.

Rival companies may troll social media looking for employees of their competition to gain the upper hand on product intelligence and who's working on what. 

Social media is still a relatively new frontier in the business world and many security managers are having a hard time dealing with it. The days of just blocking it at the company firewall are over. Social Media is now an integral part of many companies business models. Educate users on what they should and shouldn't post on Facebook, Twitter, LinkedIn, and other social media sites.

Back Up Your Rules With Potential Consequences

Security policies without teeth aren't worth anything to your organization. Get management buy-in and create clear consequences for user actions or inaction. Users need to know that they have to protect information that is in their possession and do their best to keep it safe from harm.

Make them aware that there are both civil and criminal consequences for divulging sensitive and/or proprietary information, tampering with company resources and other insecure behaviour.

Don't Reinvent the Wheel

You don't have to start from scratch. The National Institute of Standards and Technology (NIST) has written a book on how to develop a security awareness training program, and best of all, it's free to download. NIST's Special Publication  - Building an Information Technology Security Awareness and Training Program is hepful in learning to learn how to make your own.

Stacie Orlandi is a professional essay writer for reddit

You Might Also Read: 

Writing An Effective Cybersecurity Policy: 5 Essential Steps:

 

« N.Korean Hackers Target US Health Providers With Ransomware
Suspicions That Explosion At US Gas Export Terminal Caused By Russian Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

Latvian Information & Communications Technology Association (LIKTA)

Latvian Information & Communications Technology Association (LIKTA)

LIKTA brings together leading Latvian companies, organizations and professionals in the field of Information & Communications Technology

Assured Enterprises

Assured Enterprises

Assured Enterprises provides comprehensive cyber risk identification, management and mitigation across all platforms.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Zerocopter

Zerocopter

Zerocopter enables you to confidently leverage the skills of the world's most knowledgable ethical hackers to secure your applications.

Dellfer

Dellfer

Dellfer secures connected cars and other IOT devices through Intrinsic protection, enabling the most sophisticated cybersecurity attacks to be seen instantly and remediated with precision.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

BwCIRT

BwCIRT

BwCIRT is the Computer Incident Response Team (CIRT) for Botswana and provides an official point of contact for dealing with computer security incidents.

Sovereign Intelligence

Sovereign Intelligence

Sovereign Intelligence provides automated insight into the relative intensity of hidden Cyber, Brand, and Financial Risks to your company.

Blue Cedar

Blue Cedar

Blue Cedar's mobile app security integration platform secures and accelerates mobile app deployment for enterprises and government organizations around the world.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

CITRA - Information Security and Emergency Response

CITRA - Information Security and Emergency Response

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

SafetyDetectives

SafetyDetectives

SafetyDetectives mission is to give our readers accurate and valuable information so they can make informed decisions about staying safe, secure and protected on the internet.

Salem Cyber

Salem Cyber

Salem Cyber builds Artificial Intelligence (AI) solutions that work collaboratively with people to address scalability challenges in cybersecurity operations.

eCloudvalley Digital Technology

eCloudvalley Digital Technology

eCloudvalley Digital Technology is a born-in-the-cloud partner focused entirely on AWS services across APAC region.