With employee-focused cyber crime running rampant, information security awareness training can no longer be overlooked. That’s exactly why more and more companies are taking the necessary step of prevention over cure when it comes to these types of employee-targeted attacks - making way for information security awareness training to boost their cyber resilience.
But where do you start? After all, there’s an ever-changing landscape of threats that employees can no longer afford to be unaware of. Using our own success in educating countless employees around the globe, we’ve picked out our most important information security awareness topics that your employees need to be educated on...
"Security awareness training can reduce a company's exposure by up to 70%"
SAT Topic #1- Email Security/Phishing
Email is one of the primary tools of our daily work life, and cyber criminals use it as their primary attack method when targeting organisations. Phishing emails, malicious URLs and attachments riddled with malware are all commonplace in these attacks.
Your security awareness topics should focus on educating employees on how to distinguish between a legitimate email and a harmful one. It’s just as important for employees to know the different types of phishing emails, whether it be spear phishing or business email compromise, as well as where to report their suspicions.
SAT Topic #2- Social Engineering
You might have expensive firewall equipment in place, but no level of technology is capable of fully fighting the age-old battle of human manipulation. Attackers will attempt to gain the trust of an employee in order to obtain access to sensitive information, often by impersonating a trusted source.
Employees need to be educated on security awareness topics that cover the most common social engineering techniques and the psychology of influence (for instance: scarcity, urgency and reciprocity), in order to combat these threats.
SAT Topic #3- Passwords
If you’re one for taking notice of recent surveys, then here’s one for you: more than 80% of people (aged 18 and over) reuse the same password over multiple sites. Make of that finding what you will, but there’s no arguing that too many of us are way too lax when it comes to password security. Weak passwords, credential sharing and reusing login details are a growing issue for businesses.
Your workforce needs to understand why passwords are so vital and why it’s important to never share them. Also, content needs to cover the best practice of choosing a complex password, as well as implementing two-factor authentication.
SAT Topic #4- Social Media
Employees often overshare a wealth of personal information on social media platforms without a second thought, handing over the perfect opportunity for attackers to research a potential victim for social engineering. There’s also the risk of accidentally sharing sensitive corporate information, often found in the background of pictures in the workplace.
As annoyingly addictive as social media is, it’s important for employees to be aware of the growing use of social media for targeted attacks. Effective security awareness training around this topic should also cover what not to share, key warning signs for fake profiles and company pages, and the risks of taking and sharing photos in the workplace.
SAT Topic #5- Mobile Security
In an information age where we constantly require data on demand, cloud-based platforms and mobile devices are increasingly used to enable our businesses. Each of these mobile devices represents yet another potential point of compromise.
That’s why it is critical for your employees to understand a range of security best practices around their devices, including the risks around installing applications, using public Wi-Fi hotspots, password security, and the importance of VPN usage when using new networks.
"Only 1 in 10 users actually report loss of confidential company data"
SAT Topic #6- Working Remotely
With flexible working being offered by more and more businesses, the risks of working away from the security of the corporate network continue to give IT departments sleepless nights. There are many benefits to employees working from home, but there is a lack of control over the devices and data used and accessed by employees working remotely.
Lost or stolen devices, connecting to weakly-secured public Wi-Fi, and even the threat of shoulder-surfing are all more than worthy subjects when it comes to this security topic. Educating employees on how to better protect themselves in such scenarios will offer an invaluable added layer of protection.
SAT Topic #7- BYOD
BYOD (bring your own device) seems to be the centre of attention for many companies, due to its effectiveness and the improved quality of work from employees. BYOD makes it easier for employees to work and saves employers from spending money on devices and fixing them.
However, alongside the many benefits, there are also quite a few risks associated with BYOD in the workplace: for example, a lack of security updates on a personal device, poor password security and the potential risk of lost or stolen devices.
BYOD is one training topic that you must cover. Your employees should understand how to correctly use their devices in the workplace, what the various BYOD risks are, and how to mitigate them to protect their personal and corporate data.
SAT Topic #8- Physical Security
Physical security is the protection of personnel, hardware, software, data and networks. Physical security tends to get overlooked in businesses, even though it's just as important as online security. Like everything in any organisation, devices and infrastructure are vulnerable to damage.
Every organisation, business or home will be protected by some form of physical security. With most security measures being part of everyday life, it's common for them to be overlooked. Physical security is ever changing to adapt to growing threats, and it continues to be modernised to maintain its value and effectiveness.
Your security awareness topics need to focus on how physical security is used in your employees' day-to-day schedules and the many risks that can occur if precautions are not taken. Whether it's human error or malicious intent that causes devices to be destroyed, it's important to know how to prevent these risks before they even occur.
SAT Topic #9- Removable Media
Another security awareness topic that is relevant to companies every day is removable media. Removable media is a portable storage medium that allows users to copy data onto it and then move that data to another device, and vice versa.
As well as understanding the risks, your employees need to know how to use these devices safely and responsibly in your business. There are numerous reasons a company would decide to use removable media in its environment. However, as with all technologies, there will always be potential risks. As well as the devices themselves, it's important that your employees protect the data on these devices. Whether it's personal or corporate, all data has some form of value.
A few common examples of removable media you and your employees might use in the workplace are:
This security awareness topic should be included in your training and cover examples of removable media, why it's used in businesses, and how your employees can prevent risks such as lost or stolen removable devices, malware infections and copyright infringement.
Security awareness training is not something that should happen once a year if you want your employees to retain any useful information. A good security awareness program will train your employees on a regular basis. Doing so will fill in any knowledge gaps and increase their general awareness of security risks and how to prevent them.