Security Awareness Training : Better Safe than Sorry!

By

Image : whiteknightit

Security awareness, and training are the first line of defence in securing your organization against cyber attacks.

The first barrier that you will face is resistance to information security. This is a normal situation as employees tend to think security is not their job. But they are the problem. Majority of cyber attacks have been resulted from employee vulnerabilities  exploited by hackers through social engineering.

How to reduce resistance to information security ?

If you provide adequate awareness and training to your employees, and make them understand that they are also responsible for the information security of the organization.  Then your employees will be much better, more effective, and more efficient in using security controls. They will appreciate having the security controls, hence they are less likely to ignore, bypass, or disable them.

When they know why they need long passwords, why not share them with colleagues, and importance of vigilance in communications , privacy, data protection and compliance to standards, they will be proud to contribute to organization’s information security arrangements. 

Improved compliance  

A clear desk policy may not be useful, if the employees don’t aware of it. It will not be practiced in the organization. No one will bother untill a disaster happens when a confidential document leaked. Awareness is the key to practical  implementation of the policy. Therefore security awareness and training enables all the other security controls for managing  risks, and to achieve business objectives, and  compliance with standards and regulations.

Rreduced costs from information security incidents

An organization with security-aware employees, supported by well trained security professionals, is less probable to suffer information security incidents,  security breaches, and unplanned downtimes. Employees are least likely to become a prey for social engineering attacks and scams that will risk your organisation's information security. Your employees will be extra cautious using systems and the devices taken outside for work. They will be vigilant as well as spot any abnormal behaviors of their colleges or systems.  

Improved Incident response

An incident canot be responded until it is recognized and reported. The start of recovery process depends on your  employees knowing what to do, without delay.

Improved reputation and greater trustworthiness

Trust is a key factor in busuness, and a significant component of an organization’s reputation and brands. People like to feel safe when they give away their personal information such as credit card details. If your staff are trained to ensure data security, it will build confidence among your customers. With security-aware employees, your customers, suppliers and partners,  and visitors will  perceive a secure organization improving your reputation.

Situational awareness

This is the sixth sense of business. Your empyeees will be able to quickly assert if an email or phone call is genuine or a social engineering tactic. The spear-phishing attacks by email tend to appear that the sender is a colleague, acquaintance, or friend, addressing the recipient by name. it is the situational awareness that will wake their sixth sense to react automatically, not to  open the malacious attachment or click the link to become a victim of social engineering.

Be better safe than sorry

Awareness and training is a long-term investment in the overall business success and information security. Without having well trained employees in information security,  an  organization will appear untrustworthy. When security breaches occur, your reputation will be tarnished extra to financial and market losses. You would have prevented or mitigated such risks with security awareness and training of your employees.

Niranjan Meegammana 

Comments

Post a Comment

Popular posts from this blog

ISO 27001 ISMS in a Nutshell

By
Image
Image : ISO The ISO 27001 certification is the most comprehensive  information security standard recognized globally. It ensures standardizing of your organisation's information security strategies to ensure confidentiality, integrity and availability of your systems and data to conduct your business effectively.  Gaining the certification is a journey with several milestones. It is a carefully planned systematic activity that transforms an organisation to a secure entity,  where everyone becomes a stakeholder in information security. Follow this processes to get to your goal successfully. Step 1. Obtain Management Support . This is the most critical requirement to achieve ISO 27001 status. Your ISMS project will definitely fail if it does not receive to management support. The management should provide, people, money and strategic direction for your ISMS to be a success story. In the sections below you’ll find some tips on how to convince your management, and how much the implemen
Read more

How easily the data breaches occur? 5 ways to be aware of.

By
Image
Data breaches can occur at any unexpected moment. Unless you do not detect it fast, cybercriminals will have more time to exfiltrate information and cause bigger damage. On average it takes up to 30 days and costs $1 million to address a data breach incident stated 2021 Cost of a Data Breach Study. However, it could be more if you wait longer. Unfortunately, some took 6 months to respond.      Better safe than be sorry! Be prepared against data breaches.  There are 5 ways for your organization to avoid data breaches. Here is how. 1. Weak and stolen credentials  The most simplest way hackers use for data breaches is stealing passwords. Many people use predictable passwords like ‘Password1’ and ‘123456’. With them, cybercriminals don't even need to hack into a system to steal your sensitive data.  There are many tools that can help a cybercriminal to crack passwords. They run millions of popular credentials to break into your system. This requires you to have a strong password policy
Read more

Best Practices for secure Software Development

By
Image
image : OpenSense Labs Are you aware of the  Solarwinds attack in 2020? The hackers exploited software vulnerabilities of Orion IT monitoring and management software used by thousands of enterprises and government agencies. This hack triggered a larger scale supply chain incident which affected thousands of organizations, including the U.S. government. The attackers infliltrated the Solarwinds network, and infected the software used for Network monitoring before it shipped to customers.This insident and many more warn us on the importance of building secure software.  Secure software development is a methodology used for creating robust software by incorporating security practices into every stage of the software development life cycle (SDLC). It begins at planning stage before a single line of code is written, and continue through the life cycle. A bug fixing at implementation stage cost six times than fixing it during design stage. Every new feature added, may carry series of vulnera
Read more