Back to top

What is Cyber Security Awareness Training and Why Is It So Important?

Greg Manson

Did you know 40% of security breaches occur from the inside? Contrary to what you may think, the biggest threat to your environment is not getting hacked or losing equipment – the biggest threat is your employees. In fact, almost all security issues begin with human error. Computers don’t make mistakes, people do. 

With the changing landscape, it’s important that organizations provide periodic training for their employees to become familiar with your security policies and procedures. Security training is designed to increase security awareness among staff and to ensure your business meets compliance regulations.

Your employees are your first and primary line of defense against security breaches. Any employee with access to a work-related computer or mobile device should undergo thorough cyber security awareness training. By creating a culture of security within your organization and enforcing frequent training, you increase the chances of catching a scam or attack before it’s fully enacted, minimizing the damage and reducing the cost of recovery.

What should be covered in security awareness training seminars?

Every organization will have a style of training that’s most compatible with its culture. There are many options of what types of trainings to hold and what topics to cover. Security awareness training is not a one-and-done exercise and can be done through classroom training, online training, visual aids or even phishing campaigns. Regular security training through multiple media is ideal and an organization’s unique threat profile should also be factored in when deciding what subjects to cover. Possible subjects may include:

  1. Phishing - Phishing is a method hackers use to gain unauthorized access to company assets or sensitive personal information. The most common method is email, but it can occur by phone or in person. Recently, more sophisticated social engineering scam email messages don’t have clear red flags such as poor grammar, low quality graphics, or obvious suspicious links.
     
  2. Physical Security - How is your network physically protected? If you have on-premise servers, they should be in a secure location for only authorized personnel to access. Server rooms should be equipped with appropriate climate control systems, fire suppression systems, and power supply protection mechanisms to preserve the availability of your organization’s data
     
  3. Laptop/Desktop Security – User awareness is the most important aspect of laptop/desktop security. Often you can’t be 100% certain who is coming in and out of the office and wandering eyes aren’t out of the realm of possibility. Get into the habit of locking your computer, mobile or any other device. Locking your computer while you’re away will help protect confidential information or other sensitive data.
     
  4. Malware – Although many people have heard of the term ‘malware’ not everyone understands the different types of malware and what to do if they suspect their device has been infected.

The security landscape is always changing so it’s important that your business is constantly improving your security and changing with it. For more information about security awareness training or other forms of security testing, contact our experts today.