The right strategy for effective cybersecurity awareness – Help Net Security

Employees play a significant role in safeguarding organizational assets. With a constantly evolving threat landscape, cybersecurity awareness training is an essential component in creating a good security culture.
81% of organizations were hit by malware, phishing, and password attacks in 2022, mostly targeting users.
But even though employees go through cybersecurity awareness training, half of organizations’ leaders believe their employees still lack cybersecurity knowledge. This might be due to ineffective and insufficiently reinforced training programs and inconsistent cyber hygiene practices. Also, with the rise of generative AI, phishing emails have become more convincing and much harder to recognize.
Effective cybersecurity awareness training can help employees recognize phishing attacks and social engineering schemes, apply username and password best practices, report security incidents and, ultimately, protect sensitive data and systems and prevent their organization from falling victim to a ransomware attack.
The European Union Agency for Cybersecurity (ENISA) has outlined the following essential objectives of an organization’s cyber awareness program:
First of all, employees must be educated about the various threats they may encounter when in their work environment.
“In the security awareness industry we talk a lot about ‘phishing links’, but what other cyberthreats do your employees need to be able to spot? The focus has mostly been on ‘links’ because that’s usually where the attack converts to malware or fraud. But there are many other clues that employees need to be able to analyze,” Click Armor CEO Scott Wright said in the Q3 2023 CISO Report on Security Awareness.
“They may also run into USB (or portable storage device – PSD) attacks, phone calls, voicemail attacks, phishing SMS/text messages, social engineering emails that don’t have links, and even internal instant messages.”
Security practitioners must understand that not all employees are familiar with technology and the various threats that go with it, and should consider the level of cybersecurity knowledge when planning a cybersecurity awareness program.
Employees must be provided with real-life examples of potential threats and informed about the possible consequences, as well as the positive impact of a prompt reaction.
When reporting security incidents, employees should feel empowered rather than shamed. They need to be educated about the significance of cybersecurity, emphasizing its role as a valuable skill, not only within their working environment but also in their private lives.
The objective is not to instill fear of cyber threats, but to upskill employees by providing education and awareness. Recognizing and rewarding those who contribute to a safer cyber landscape becomes crucial in fostering a positive culture of cybersecurity, encouraging a sense of accomplishment and engagement.
Cybersecurity awareness training should be enjoyable, presented in straightforward language, and minimally disruptive to an employee’s daily work routine.
A good cybersecurity awareness program also needs to be personalized depending on the employee’s role – different access permissions can have a different impact in the event of an incident.
Security awareness is not just for security or IT teams – it’s a collective organizational responsibility.
