101: Cybersecurity training
Employees can be an organization's best line of defense against cyberattacks. Having educated, aware and engaged employees is just as crucial as having a good cybersecurity system in place. Information security company Shred-It, for example, said 47 percent of business leaders report human error as the cause of a data breach in their organization.
Make it a constant. Long gone are the days of cybersecurity being the focus of one employee training session a year. Risks and defenses are constantly changing; training must be varied, constant, measured and updated. According to the nonprofit Center for Internet Security, “Cybersecurity awareness comprises continual processes of integrating behavioral change into the business process.”
Establish accountability. Employees should know they are responsible for their actions when it comes to downloading software from unknown sites and other cybersecurity risks, says ComputerWorld.com. It should be clear “in case of a malware attack, an employee cannot say that he wasn't aware of the possibility of an attack.” This ownership prompts engagement.
Stage attacks. The best cybersecurity training is real-scenario training, says Eddie Schwartz of ISACA, previously known as the International Security Audit and Control Association. He told TechRepublic.com the best awareness comes when users have a simulated attack set up specific to their job. “They're asked to understand the lessons they've learned … and the implications on the business, on their personal lives and how they could have prevented it,” Schwartz says. “And then they're asked to share that experience with their peer group.” These staged attacks — an email phishing scam, for example, or suspicious USB drive left on an office table — can be arranged via an outside vendor with data measured by department.
WBJ Web Partners
Most Recent
Most Recent
0 Comments