Security Awareness Training is a prescribed program geared toward instructing personnel about computer security. A company should have a corporate strategy with written policies and procedures, including whom employees should contact if they detect a security risk. Additionally, regular training must be provided so that end users can keep up with ever-changing threats. The National Institute of Standards and Technology has a great write-up on how to build an Information Technology Security Awareness Training program.
Some common topics in a Security Awareness Training program are:
- Email Spam / Phishing
- Safe internet browsing
- Removable devices (e.g., USB devices)
- Bring your own device (BYOD)
- Physical controls
- Social engineering
- Malware / viruses
Given the recent security environment, employees play a critical role in running a secure business. They are often the first point of contact a malicious actor targets, and maintaining proper security awareness controls and a training plan is the best way to fight off potential threats. Proper security testing and training will help you determine where your weak points are and strengthen them so that your company carries the least risk possible.
At MIBAR.net, we can help analyze these risks and provide training for your users so that they are less susceptible to the malicious threats that are out in cyberspace.