SECURITY CHECK-IT: STEP 12
Security Awareness Training
What would we do without our great and loyal employees? Nothing! But unfortunately, hackers like to take advantage of our enthusiastic colleagues…
Imagine: the CFO is on holiday and a hacker is, of course, aware of this. He sends an email in the name of an important client asking when the CFO will be back from holiday, so that he can plan a meeting. Nothing suspicious, thinks your colleague, so the management assistant forwards the requested information. The cybercriminal can then focus on the second step, getting a payment processed to his account, and he now has enough information to send an email in the name of the CFO to the CFO's assistant. And the assistant can’t ask, because the CFO is on vacation… This makes it very easy for the hacker to send an email with an urgent request to click on a link and make a payment.
A lot of bad things can happen when hackers focus on your employees. The human factor is often the weakest link in security. That is the main reason to regularly hold a Security Awareness Training (SAT) for your staff.
SAT training has multiple purposes:
First of all, to create and raise awareness. Most people don’t believe they’re a target for hackers who want information. But if the training makes your team realize that they are part of the puzzle a hacker wants to put together, they will be less inclined to share – what seems to them to be – insignificant information. The goal is to awaken your employees to the consequences of clicking on links or sharing this information.
It is a way to influence the company culture towards safety. People attending an SAT training will be more supportive of taking and rolling out safety measures within the company, rather than pointing out the inconveniences.
It will involve people in the company’s cyber security policy. For example, they will understand why it is important to classify an email as spam by tagging it, and to regularly look at the clutter or spam folder in their mailbox.
SAT training courses are socially responsible. Let’s say we’re working on an operating system that’s not vulnerable to a particular attack. That’s no reason not to care. We can spread malware from our phones to, for example, hospital PCs and risk the lives of many. So it is our social responsibility not to infect others. The SAT training gives us the basis to recognize and stop the spread.
For highly regulated companies in specific markets such as the financial sector or healthcare, SAT training is a legal requirement. Showing that you, as a company, meet these high standards opens new doors and possibilities.
Security awareness training benefits both the employer and the employees. The more competent employees are, and the more aware of how to handle information that has to go through security protocols, the less susceptible they are to costly security incidents that are likely to give hackers thorough access to your data or network.
Do you have any questions or would you like to exchange more information about an SAT? We will gladly help you! Send an email to checkit@tyneso.com and we will contact you as soon as possible.