With the explosion of cybersecurity threats in the present era, it is imperative that you incorporate security awareness training into your employment process. This includes things such as webinars to which your employees have access, as well as training sessions conducted by security experts.

Your employees’ facility with these techniques will help minimize the threat of data breaches in the workplace, while additionally protecting their own homes and families—particularly if you have a BYOD (Bring Your Own Device) policy in place.

You Cannot Underestimate the Importance of Security Awareness Education

The technical aspects are of secondary importance; your employees come first. Without them, the security protocols drafted by your Security Committee are worthless. Any capable organization is driven by the people it is made up of, and this is never truer than where security is involved.

Consider, for example, the WannaCry ransomware attack that tore through multiple industries in 2017. It brought a sobering realization to industry security experts: their services and provisions were a lifeline to companies that had previously skated by with zero or minimal protection.

Security awareness vaulted to an all-time high as companies realized that a security management program is a must for any enterprise that hopes to persist today.

Standards and Regulations for Security and Awareness Training

Maintaining security awareness is straightforward, given the existence of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). By following its carefully and professionally laid-out policies, organizations will find themselves in compliance and well secured against threats to their clients’ personal health information (PHI).

The above is, of course, just one example of the regulations that govern a specific industry; others include the Gramm-Leach-Bliley Act (GLBA), which concerns identity theft and fraud, and the Federal Information Security Management Act (FISMA), which concerns information systems and the responsibility employees have to understand the security risks to them.

Perhaps the most popular and comprehensive of these is the Payment Card Industry Data Security Standard (PCI DSS). It covers credit and debit card transactions in order to protect cardholder data.

An Overview of Security Awareness Training Topics

The primary goal of security awareness is to train employees so that they are equipped to protect information from unauthorized changes, whether by outside sources or by unregulated inside sources. This protection primarily concerns customer data. Since this information is of paramount importance, any breach or intrusion can leave your company legally liable. Here is a very short overview of the topics to cover; teaching your employees about phishing scams is a good first step.

1. Social Engineering

One of the most popular methods hackers use to breach corporate security is social engineering, so you must account for this human element in your security awareness training. Social engineering exploits human weakness via malware, eavesdropping and identity misuse, such as gaining access to secure areas by pretending to be someone trustworthy or harmless.

2. Employee Awareness

This covers a host of issues. Security awareness training entails everything from password control, such as opting for passphrases instead of single words to significantly increase the difficulty of a brute-force attack, to email security.

In the latter case, employees should be aware that any unencrypted information they send can be intercepted. In-office browsing practices are also of paramount importance, as there are websites that exist solely to capture information.

In sum, security awareness starts with regulations, then trickles down to employee practices. Implement them to protect your business against security breaches.

Ken Lynch
Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity's success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.