Strategy Day 6 Security Awareness Training
Security Awareness Training
Users are the weakest link in security, given a lack of education and experience. Instituting a security awareness training program for every member of your staff will significantly reduce the probability of user-related errors and exposures.
Those first two lines deserve rereading.
That’s right, your employees are the biggest threat to your business assets and data. This usually stems from absence of a good Security Awareness Training program. Even if you are the most careful and security aware person in the world it does not take much imagination to realize that it is not the norm. In fact, you hear about it almost daily. There is always some newspaper article or television highlight about the newest malware threat that is going around.
Don’t take my word for it. How about this, just in regards to the current pandemic, a Business Insider article
Over 48,000 such domains have been registered this year. While some are legitimate sites, researchers have identified many that are malicious, and others that are empty sites “parked” on domains that could potentially be sold later.
Many of those sites are used for distribution of malware/ransomware that can either lock your data down through encrypting it until you pay a ransom or even to install programs on your systems that will steal your data. The former is often used in conjunction with the latter in order to cover their tracks and get into your wallet. The malware that can be installed is pretty slick too. It will often reside on/in your systems for many months slowly and secretly grabbing your critical data. Often, you will never know.
Then there comes the really bad guys. They are your employees who for whatever reason have decided that they will personally profit and sell your data. This is BIG BUSINESS!
From an article in Wall Street Journal Pro
In the hidden corners of the internet, company insiders routinely offer access to their employers’ computer systems, sensitive client information and even advance looks at financial statements and business deals, security professionals say.
While this particular type of threat is hard to stop it is not impossible. You just need to decide what tradeoffs you are willing to make and what risks you are willing to accept.
Get started with developing a security-first culture with user training.