Training for Security About Awareness More

Executives Are Users, Too

Executives have become a major target because obtaining their credentials opens a wider attack surface than most other users’. In its recently released “2019 Data Breach Investigations Report,” Verizon determined that senior executives are 12 times more likely to be attacked through social interactions and nine times as likely to be the target of social breaches as compared to previous reports. Most of the attacks dealt with financial threats, which represented about 12% of the total.

Phishing Is Top of the List

In my previous No Jitter post, “Enterprises Not Doing Well on Net Protections,” I reported that phishing with social engineering was the primary method for obtaining credentials (46% of the threats) and access to IT systems and networks. You may be able to thwart some of these threats with software, but the ultimate prevention method is user avoidance of the threats. This is where adequate and consistent training will succeed.

If you don’t conduct an employee vulnerability assessment, you’re missing one of the best preventative steps available. Using simulated phishing techniques, you can assess what users would do when they’re sent phishing emails. This helps uncover poor behavior and vulnerabilities.

Don’t Make It Painful

When I was in military intelligence, security was of paramount interest. I attended many security classes, but unfortunately some of them were extremely boring and didn’t motivate me very well.
On the other hand, the penalties for breaking security were so severe that I paid attention.

What Can a Dark Web Scan Do?

You probably don’t know which users’ accounts are located on the dark web, which is made up of hidden websites that are accessible with special software. To find out, you can use a tool like Have I Been Pwned? This free tool will tell you whether your email address or password appears in one of more than 300 data dumps from websites, and it will notify you when your email address appears in a new data dump. If you’re looking to discover if your credentials have been compromised, this is a useful service. Most pay-for services that say they scan the dark web are actually looking at data dumps.

Cybercriminals increasingly target users rather than infrastructure. You train your users about cybersecurity. You may test them, but do you consider that a passing grade that’s not a perfect score means some users didn’t learn all required cybersecurity skills? What they missed on the assessment test equals vulnerabilities that they still may respond to, thereby opening your network to attack.

As many studies show, generally about half of all data breaches are caused by human mistakes or activities. In most cases, these result from poor training. What you want is the user to act as a human firewall and protect your organization.

Don’t Forget the Contractors

Organizations rely on contract workers, developers, consultants, VARs, and MSPs. The nature of contract jobs results in a feeling of impermanence that permeates throughout processes and policies. Contract workers are potential cyberattack victims, which means they need training to the same degree as full-time employees. Many contractors may have high levels of access and privileges, meaning that they have credentials that are more valuable than the average user.
Am I Taking a Risk?

If you discover an email address associated with one or more external data breaches, you should take immediate action to minimize the risk. You should change all the passwords associated with those accounts and employ stronger passwords.

You need to make sure that the security training you deliver is positive, motivates, and engages users, and informs them of the risks that occur if they don’t apply the training they’ve received. Provide meaningful assessment feedback as part of the training. Your organization should foster a culture in which it is safe to raise concerns when users see or suspect something that can impact corporate security. Commit to continuous training. Ensure your users accept that cybersecurity in the workplace is everyone’s responsibility.

Train, test, and assess — that’s the best advice for keeping hackers from successful attacks against all of your user constituencies.

What Do I Train On?

Once you’ve conducted the vulnerability assessment, you can improve your protections with education and training. The training should include:
- How to recognize phishing and phone scams
- What the dangers are when using social media and how a user can spot scams
- A rundown of corporate policy and guidance on the use of a company email address to register, post, or receive social media
- Information on how to create strong unique passwords for every account
- Discussion of why your users aren’t allowed to install unlicensed software on any company computer, since free software commonly contains malware
- How to avoid using business emails for personal activities
- How to protect mobile devices such as smartphones, laptops, tablets, and USB drives
- Messaging that instills the concept that the door should always be locked
