Taking advantage of a user’s poor security practices is often a critical first step for malicious hackers or other cybercriminals seeking to compromise an organization’s systems and data. More than 80 percent of hacking-related breaches leveraged stolen or weak passwords, according to research for the 2017 Data Breach Investigations Report from Verizon. The report also says that about one in 14 users were duped by a phishing campaign that led them to click on a link or open an attachment that was malicious.
The number of recent and massive data breaches only highlights the critical importance of turning workers into effective frontline cyber defenders for their organizations. Employee training, as a complement to strong technical security controls such as anti-virus, anti-spyware and web filtering technology, can go a long way toward improving an organization’s overall security posture.
However, many businesses fall short when it comes to training their teams. Even companies with high board engagement in cybersecurity can struggle to get messages through to their workers: Our research shows that less than half of these organizations (48 percent) do an excellent job of communicating to employees the need to differentiate between public and sensitive data, and how to handle each type.
Companies often fail to invest adequate resources into developing a formal security awareness program that includes effective educational tools. There is often over-reliance on the IT team to keep the workforce up to date on cyber threats and security best practices. While IT is a logical resource for providing security training, few departments have the time or staff to do this well — or continuously. Also, IT personnel may not be the most effective teachers for employees who are not tech-savvy.
Security Training Based on Real Life
To help workers build foundational knowledge about security risks and best practices, learn that information at a comfortable pace and retain it, and understand their critical role as frontline cyber defenders, businesses need access to training resources that will engage their employees.
With that in mind, Protiviti’s Training and Communication Solutions team, in close collaboration with our Technology Consulting Group, has developed an IT Security Awareness Training Library for businesses to equip their employees with information that will help them keep data and devices secure. The library is the result of years-worth of observations from the practice field, where we have seen patterns of weaknesses and ways that cyber training can be improved.
The three- to five-minute interactive learning modules in our “Security Awareness Series” are designed to provide fast, effective and mobile-friendly training for employees, and to appeal to a broad audience. The video-based modules cover a range of timely information security topics such as:
- Data security
- Data privacy
- Password control policy
- Social networking
- Portable device security
- Spear phishing
We know firsthand from conversations with our clients — and from the news headlines — that the need for effective security training for employees is getting more critical by the day. Workers cannot help to protect the organization’s “crown jewels” if they don’t understand the risks, and how to avoid or respond to them. By making our field experience available to the public in the form of this training library, we hope to be part of solving that problem — and helping businesses become more cyber resilient.
Jon Williams, Director in Protiviti’s Training and Communications Practice, contributed to this content.