Why Employees Need Cybersecurity Awareness Training
It’s no surprise that human error is considered the biggest cybersecurity vulnerability for organizations. Managing worrisome employee behavior is perceived as the greatest concern and most difficult insider threat for companies to detect, according to a 2020 CyberEdge Report. Much of this happens due to a lack of either user security awareness or the internal resources used to train and monitor employees.
Insider threats are malicious attacks that originate from inside an organization. They typically occur because of employee or contractor negligence, a criminal or malicious insider, or an employee/user credential thief. On average it takes 77 days to contain an insider incident, with employee or contractor negligence costing companies the most.
Building employee security awareness is just as crucial as maintaining a proper Security Incident & Event Management (SIEM) System. A SIEM collects and aggregates system logs, firewall logs, IDS/IPS logs, event logs, etc., and simplifies monitoring, investigating, and identifying potential security issues. Unfortunately, 74% of organizations are unaware of how many digital keys and SSL/TLS certificates their employees have or actually use.
Employee Cybersecurity Training Topics
Since 90% of working adults also use employer-issued devices for non-work activities, it’s time to close the gap on security awareness training for employees. Periodic cybersecurity training sessions, including in-person, web-based and simulated compromise-and-breach scenarios, are the most effective methods to teach and reinforce good behaviors. Here is a list of the most important cybersecurity training topics to be included in workforce trainings:
Awareness is Everything
There is only so much you can do to monitor and educate your employees and vendors about the perils of cybersecurity. Incorporating an interactive training session specially designed for your company is the best way to mitigate potential insider threats. These sessions can be tailored to executives, specific departments (e.g., HR, legal) or all employees. As always, your trusted CMIT advisor is here to help. Contact us to learn more about affordable cybersecurity training topics for your business.
Written by: Chris Zambuto | Chief Information Security Officer @CMITBostonCambridge