Triskele Labs Blog

What do you need to include in your security awareness training?

Written by Nick Morgan | Mar 10, 2020 10:17:00 AM

In the workplace today, security awareness training is, arguably, one of the most important types of training employees receive, given the precarious nature of corporate cybersecurity. 

In the absence of meaningful awareness and cybersecurity education, individuals are more likely to take unnecessary risks or fail to apply appropriate safeguards, even when warranted. Needless to say, even the smallest action, or lack thereof, can lead to damaging consequences for companies, with some costs running into millions of dollars.

Before scheduling security awareness training, it’s important to understand what any good training should include. 

LEARNING HOW TO WORK IN A SECURE PHYSICAL ENVIRONMENT

Cybersecurity issues aren’t necessarily confined to what happens behind a computer or smartphone screen. Sometimes, these issues can originate from physical environments including your easily-accessible workstation.

Without the right training, employees may, for example, not be mindful of people looking over their shoulder as they type their passwords, write passwords down and leave them in plain view, fail to protect their computers with passwords, or leave company-issued phones unlocked and in places easily accessible by other people in the company.

In your security awareness training, make sure these issues are highlighted and employees are made aware of their dangers.

RISKY SOCIAL MEDIA PRACTICES

Social media marketing is a huge part of many businesses’ promotional strategy. While this is certainly necessary and must be leveraged as far as possible, it’s equally important to ensure that you’re following appropriate safety practices on social media.

When you organise general cybersecurity training, make sure it includes security policies like 2-Factor Authentication, restricting login information to a few trusted individuals, maintaining different passwords for different profiles, and so on.

In this process, make sure the training covers how customer data needs to be handled, what can be shared on social media and what can’t. This is relevant for organisations that leverage customer or client testimonials or data analysis of any kind that’s converted into marketing material.

INSTIL A HEALTHY FEAR TOWARDS PHISHING 

Phishing is a serious threat for modern workforces. In a phishing attack, cybercriminals pose as respected and recognisable individuals or entities via email and trick company employees into divulging confidential information or installing ransomware on their devices.

It’s crucial, therefore, that your security awareness training includes a comprehensive overview of what employees need to be mindful of when dealing with suspicious-looking emails or those that contain unusual requests.

The training could include, for instance, basic precautions like personally verifying requests for confidential information or unusual requests (like downloading certain software or apps) with the relevant people through other modes of communication, not clicking suspicious links, installing antivirus and firewall software, and more.

THE PRUDENCE OF CYBERSECURITY SOFTWARE

As part of employee training, even a basic run-through of antivirus and anti-malware security software could help you set up basic defensive infrastructure across your company.

Given that it’s not fair to expect employees to find and download the right software, make sure you provide them with the applications they need to keep their work devices free from cybersecurity threats. There’s plenty of free software available, although you may find that paid applications offer more sophisticated defences. 

Make sure that your teams are briefed on the importance and mandatory nature of these tools and have security experts show them what this type of software can do and can’t do.

BROWSER BEHAVIOUR IS JUST AS IMPORTANT

The internet is a dark and scary place, especially if you’re wandering in doe-eyed, with a deer-like innocence.

Unsafe browsing habits at work can compromise both hardware and network security and lead to pretty ugly consequences. Advising employees about safe browsing habits is crucial and you shouldn’t assume that they know the basics.

As part of your security awareness training, make sure your teams are made aware of basic precautions like using antivirus and anti-malware software, updating Windows systems if that’s what they use, being cautious whenever they click popups, and other safe practices.

ORGANISE COMPREHENSIVE SECURITY AWARENESS TRAINING TO ENJOY GREATER CYBERSECURITY PROTECTION

Nowadays, cybersecurity awareness training is a basic necessity for companies that are keen on avoiding the pitfalls of a successful cybersecurity attack. 

To conduct your own security awareness training, speak to our team at Triskele Labs for expert-led awareness sessions.