User Security Awareness Training
-Think Before You Click! Spread the word.
A top priority in protecting your company’s information assets needs to be conducting regular computer user Security Awareness Training. This subject is, unfortunately, often minimized as a lesser priority or omitted merely due to a lack of time or resources.
There is no substitute for an Information Security Plan and appropriate data security infrastructure (e.g., firewalls, anti-virus, anti-malware, anti-spam, content filtering, passwords, access controls, intrusion detection). However, all of this is of little value when a system user clicks on a phishing email link and that person’s system, or the entire network, becomes compromised. Malicious hacking attacks come in many different forms. The result can be any of a myriad of evils, including but not limited to your file systems being encrypted (and unusable) with ransomware, your email addresses being used to send out spam, losing control of personally identifiable information (PII), Personally Identifiable Health Information (PIHI), Personally Identifiable Financial Information (PIFI), or worse. Some of the scariest security breaches are not immediately detected, and notification of the breach arrives via a customer, vendor, financial institution or law enforcement.
The bottom line is that you owe it to your company, your shareholders and especially your users to educate all systems users on security threats and best practices. Such training includes teaching them how to recognize security threats and address them appropriately. Nobody wants to be the person who got snookered and clicked the malicious link, resulting in significant issues.
Security Awareness Training needs to be an ongoing process with regular reinforcement (e.g., recurrent training, posters, reminders). Effective Security Awareness Training needs to include the following topics:
User Awareness
- Importance of Information Security
- Types of Computer Criminals
- Common Threats
  - Virus / Malware
  - Worm
  - Trojan Horse / Logic Bomb
  - Phishing (Fake Email)
  - Pharming (Fake Web Pages)
  - Ransomware
  - Botnet
  - Social Engineering
  - Rootkit
  - MITM (Man In The Middle) Attacks
  - Password Cracking
- Recognizing a Data Compromise or Breach
- Data / Security Breach Notification Process
Secure User Practices
- Multiple Layer Security Defense
  - Anti-virus and Anti-spyware
  - Firewall
- Creating Secure Passwords (how-to)
- Avoiding Social Engineering
- Avoiding Malicious Software
- Secure Online Business (https://)
- Back Up Important Information
Note: All of this knowledge applies to home users’ personal computers and networks as well as to those at work. With many users working to some extent from a home office, Security Awareness Training is more important than ever.
Customize Security Awareness Training to suit your specific organization’s needs and policies. It is best if it is part of a well-communicated Information Security Policy. Conduct training at least annually, as well as during the onboarding of new associates.
Be sure to spread the word about the importance of Security Awareness Training to your friends and co-workers. Soltis Associates is available to assist with your company’s information security efforts, including assessing the effectiveness of general controls, recommending security improvements, updating Information Security Policies and Security Awareness Training content, as well as providing urgent assistance to address an actual or suspected security breach.
Stay tuned for additional information technology-related discussions. Create an account here to be notified of new posts. Comments are always welcome and shares appreciated.
Also – don’t forget – Think before you click!
