“A business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021.”
This statement, from the 2019 Cybercrime Report by Cybersecurity Ventures, is alarming enough to make every organization strengthen its defenses against cyber-attacks and data breaches. Large corporations are investing heavily in purchasing robust security tools, hiring additional cybersecurity personnel and creating mandatory security awareness programs to fortify themselves against the growing threat.
The biggest question looming right now is: are businesses ready?
The SANS Security Awareness Report 2019 clearly indicates that security awareness is still treated as just another casual campaign.
Does that mean we are overlooking something that should be dealt with more cautiously?
Any number of security tools implemented or consultants hired will prove inconsequential if the working staff are not well trained in the basic tenets of information and data security. Until that happens, guess what: your company is still at great risk.
The lack of a basic foundation for security in an organization leads to scenarios where employees easily fall prey to simple phishing and scamming attacks and thereafter divulge the company’s sensitive information. It is rightly said that employees are like a doorway to an organization; the less aware they are, the more prone they are to vulnerabilities and threats. As a result, it becomes easy for an attacker to leverage social engineering techniques to gain access and privileges in an organization. For example, cybercriminals make use of simple phishing emails and calls to lure employees into their schemes and quickly exploit security loopholes.
Security Training Roadmap
Designing a proper roadmap for security training should be the first step. It involves several stages: planning, documentation, implementation and timely monitoring. Planning comprises activities such as deciding the frequency of training programs, customizing the level of documentation for different departments, creating an easy-to-follow curriculum and finding ways to increase employee engagement. Each department in an organization has a different level of understanding when it comes to Information Security. Hence, it should be the priority of the training & development team to prepare documentation that is easy for all employees to comprehend.
After planning and documentation comes the implementation stage. It is the main part of the whole program; improper implementation leads to boring sessions and an audience that has learned nothing. While delivering security training, keep in mind that the audience is completely new to the domain and needs topics that are simple to grasp, which will make for thought-provoking and interactive sessions. Additionally, training should be conducted on a monthly or bi-weekly basis; this will keep employees updated on recent trends in security. A separate session should also be organized to address doubts and queries.
Monitoring and coordinating security training is another factor that will contribute towards auditing and measuring the performance of the security training department. Conducting surprise phishing & scamming campaigns along with random security quizzes will help in assessing the employees’ knowledge and growth. Also, rewarding employees with awards and appreciation notes on their knowledge and vigilance will boost their motivation and sincerity.
It is believed that implementing the right kind of security controls can save you in the long run, but the truth is that training your workforce with the right kind of security knowledge is the key to a powerful and secure organization. Nicholas Amhurst rightly said:
“There is not (said a shrewd wag) a more uncommon thing in the world than common sense.”
Essentially, in this digital age, security awareness is THE common sense which needs to be spread more to make it more common. Even the most expensive security tool can’t save your organization until the workforce has the right education on how to configure it. The ball is in our court now!