Creating A Security Awareness Training Program

Does your organization take security seriously? Do your users know how to fend off social engineering attacks? Do your organization's portable devices have data encryption enabled? If you answered "no" or "I don't know" to any of these questions, then your organization is not providing good security awareness training.

Wikipedia defines security awareness as the knowledge and attitude that members of an organization possess regarding the protection of both the physical and information assets of the organization. In a nutshell, loose lips sink ships. That's really of what security awareness is all about.

If you are responsible for the information assets of your organization then you should develop and implement a security awareness training program. The goal should be to make your employees conscious of the fact that there are bad people out in the world that want to steal information and damage organizational resources.

Let's look at some tips for creating an effective security awareness training program:

Educate Users on the Types of Real-world Threats They May Encounter

Security awareness training should include educating users on security concepts such as recognizing social engineering attacks, malware attacks, phishing tactics, and other types of threats that they are likely to encounter.

Teach the Art of Password Construction

While many of us know how to create a strong password, there are still many people out there that don't realize how easy it is to crack a weak password. Explain the process of password cracking and how offline cracking tools work. They may not understand all the technical specifics, but they will at least see how easy it is to crack a poorly constructed password and this might inspire them to be a little more creative when it's time for them to make a new password.

Focus on Information Protection

Many companies tell their employees to avoid discussing company business while they are out at lunch because you never know who might be listening, but they don't always tell them to watch what they say on social media sites. A simple Facebook status update about how mad you are that the product you're working on won't be released on time could be useful to a competitor who might see your status post, should your privacy settings be too permissive. Teach your employees that loose tweets and status updates also sink ships.

Rival companies may troll social media looking for employees of their competition to gain the upper hand on product intelligence and who's working on what. 

Social media is still a relatively new frontier in the business world and many security managers are having a hard time dealing with it. The days of just blocking it at the company firewall are over. Social Media is now an integral part of many companies business models. Educate users on what they should and shouldn't post on Facebook, Twitter, LinkedIn, and other social media sites.

Back Up Your Rules With Potential Consequences

Security policies without teeth aren't worth anything to your organization. Get management buy-in and create clear consequences for user actions or inaction. Users need to know that they have to protect information that is in their possession and do their best to keep it safe from harm.

Make them aware that there are both civil and criminal consequences for divulging sensitive and/or proprietary information, tampering with company resources and other insecure behaviour.

Don't Reinvent the Wheel

You don't have to start from scratch. The National Institute of Standards and Technology (NIST) has written a book on how to develop a security awareness training program, and best of all, it's free to download. NIST's Special Publication  - Building an Information Technology Security Awareness and Training Program is hepful in learning to learn how to make your own.

Stacie Orlandi is a professional essay writer for reddit

You Might Also Read: 

Writing An Effective Cybersecurity Policy: 5 Essential Steps:

 

« N.Korean Hackers Target US Health Providers With Ransomware
Suspicions That Explosion At US Gas Export Terminal Caused By Russian Hackers »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

Platin Bilişim

Platin Bilişim

Platin Bilisim is an IT Security company providing consultancy, solutions and operational support services.

Y-PARC

Y-PARC

Y-PARC is a center of excellence for cybersecurity, precision industries and medtech, fostering innovation and development and support for startups.

Accelerator Frankfurt

Accelerator Frankfurt

Accelerator Frankfurt is an independent go-to-market program focused on Fintech, Cybersecurity and Digital B2B startups.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Edgile

Edgile

Edgile is the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

HarfangLab

HarfangLab

HarfangLab develops a hunting software to boost detection and neutralization of cyberattacks against companies endpoints.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.

Edge Security

Edge Security

Edge Security is an information security research and consulting firm of expert hackers.

UltraViolet Cyber

UltraViolet Cyber

UltraViolet is an industry leading tech-enabled managed security services company.