{"id":9184,"date":"2024-03-01T08:52:35","date_gmt":"2024-03-01T13:52:35","guid":{"rendered":"https:\/\/joindeleteme.com\/?p=9184"},"modified":"2024-11-21T14:26:08","modified_gmt":"2024-11-21T19:26:08","slug":"security-awareness-training-explained","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/security-awareness-training-explained\/","title":{"rendered":"Security Awareness Training Explained"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#what-is-security-awareness-training\">What Is Security Awareness Training?<\/a><\/li><li><a href=\"#why-is-security-awareness-training-important\">Why Is Security Awareness Training Important?<\/a><\/li><li><a href=\"#what-does-security-awareness-training-look-like\">What Does Security Awareness Training Look Like?<\/a><\/li><li><a href=\"#security-awareness-training-common-topics\">Security Awareness Training Common Topics\u00a0<\/a><\/li><li><a href=\"#security-awareness-training-is-important-but-not-something-you-can-rely-on\">Security Awareness Training Is Important, But Not Something You Can Rely On<\/a><\/li><li><a href=\"#how-to-combat-personal-information-based-attacks\">How to Combat Personal Information-Based Attacks\u00a0<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>Organizations around the world utilize security awareness training to make cyberattacks less likely.<\/p>\n\n\n\n<p>In this guide, we\u2019ll explain what security awareness training is, why it&#8217;s important, what it involves, and its limitations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is-security-awareness-training\">What Is Security Awareness Training?<\/h2>\n\n\n\n<p>Security awareness training is the process of educating employees, contractors, partners, and other stakeholders about why cybersecurity matters and how to avoid doing anything that might cause data breaches and other security 
incidents.&nbsp;<\/p>\n\n\n\n<p>Like any training activity, the goal is for the participants to learn new knowledge and behaviors. You want employees to better understand their role in keeping their organizations\u2019 assets safe and improve their ability to recognize potential threats online, such as phishing emails.&nbsp;<\/p>\n\n\n\n<p>Cyber awareness training can also be legally necessary. Conducting security awareness training is a compliance requirement for organizations that need to follow industry and government regulations, like <a href=\"https:\/\/joindeleteme.com\/business\/blog\/hipaa-security-awareness-training\/\" target=\"_blank\" rel=\"noreferrer noopener\">HIPAA<\/a> or PCI.&nbsp;<\/p>\n\n\n\n<p>Depending on the company, a cybersecurity awareness training program could be created and conducted internally, or a third-party provider may be brought in to help.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-is-security-awareness-training-important\">Why Is Security Awareness Training Important?<\/h2>\n\n\n\n<p>It\u2019s hard to overstate how frequently human error causes cyber attacks. Security awareness training does not eliminate human error, but it can do a lot to make employees less likely to enable attacks.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-does-security-awareness-training-look-like\">What Does Security Awareness Training Look Like?<\/h2>\n\n\n\n<p>Your company\u2019s cybersecurity training program will be unique to your company&#8217;s operations.<\/p>\n\n\n\n<p>However, there are some security training best practices you should follow. A core one is to train people often. 
Ideally, in small doses.<\/p>\n\n\n\n<p>It\u2019s generally agreed that annual in-person training and long-form computer-based security awareness sessions are <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/feature\/How-effective-is-security-awareness-training-Not-enough\" target=\"_blank\" rel=\"noreferrer noopener\">ineffective<\/a> in changing user behavior.&nbsp;<\/p>\n\n\n\n<p>Instead, there should be frequent sessions throughout the year split into small modules that don\u2019t overwhelm employees and combine different learning activities and formats, like on-demand courses, quizzes, and simulations, paired with actionable steps.&nbsp;<\/p>\n\n\n\n<p>That way, it\u2019s easier for employees to digest and retain the information and for cybersecurity and data privacy to remain top of mind at all times rather than just once a year.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"security-awareness-training-common-topics\">Security Awareness Training Common Topics&nbsp;<\/h2>\n\n\n\n<p>Common topics for security awareness training programs include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Email security<\/strong>, for example, spear phishing simulations that teach employees how to spot suspicious emails requesting sensitive information or attachments that may contain ransomware or malware. Since phishing tactics are constantly evolving, phishing awareness training needs to continuously adapt to and highlight new cyber threats. 
To measure progress, it\u2019s a good idea to do a baseline phishing test before you train people to see what the open rates for untrained individuals are like.&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"191\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-42-1024x191.png\" alt=\"Tweet about failing a phishing test at work\" class=\"wp-image-9185\" style=\"width:622px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-42-1024x191.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-42-300x56.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-42-768x144.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-42.png 1166w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Password hygiene<\/strong>, like educating end users about the dangers of password reuse and other bad habits such as writing passwords on sticky notes. 
Consider also setting mandatory password lengths, banning default passwords, and leveraging two-factor authentication.&nbsp;<\/li>\n\n\n\n<li><strong>Physical security<\/strong>, such as training employees not to allow unauthorized persons into the building or office and reporting suspicious persons.&nbsp;<\/li>\n\n\n\n<li><strong>Safe social media usage<\/strong>, including teaching employees not to overshare on social media.&nbsp;<\/li>\n\n\n\n<li><strong>Remote work<\/strong>, like sharing information on how to make remote work environments secure.&nbsp;<\/li>\n\n\n\n<li><strong>Desktop security<\/strong>, which focuses on locking terminals that aren\u2019t in use and avoiding using unauthorized external devices.<\/li>\n\n\n\n<li><strong>Wireless network security<\/strong>, including the do\u2019s and don&#8217;ts when connecting to wireless networks, to minimize security threats.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"security-awareness-training-is-important-but-not-something-you-can-rely-on\">Security Awareness Training Is Important, But Not Something You Can Rely On<\/h2>\n\n\n\n<p>Even frequent security awareness training sessions <a href=\"https:\/\/www.securityweek.com\/security-awareness-training-isnt-working-how-can-we-improve-it\/\" target=\"_blank\" rel=\"noreferrer noopener\">can\u2019t completely eliminate human risk<\/a>.&nbsp;<\/p>\n\n\n\n<p>This is due to a few factors. First, there isn\u2019t necessarily a link between awareness and behavior change. Studies show that employees still use <a href=\"https:\/\/securitybrief.co.nz\/story\/despite-cybersecurity-training-85-of-employees-still-reuse-passwords-report\" target=\"_blank\" rel=\"noreferrer noopener\">easy-to-remember passwords<\/a> even after they receive training. 
They also still fall for <a href=\"https:\/\/atlasvpn.com\/blog\/1-in-5-employees-fall-for-phishing-emails-even-after-a-security-training\" target=\"_blank\" rel=\"noreferrer noopener\">phishing scams<\/a>.&nbsp;<\/p>\n\n\n\n<p>Bec McKeown, founder and principal psychologist at Mind Science, says:&nbsp;<\/p>\n\n\n\n<p><em>\u201cWhat people don\u2019t realize is that psychologically<\/em><strong><em> there is no direct link between awareness and behavior change. <\/em><\/strong><em>Most people believe that if you make people aware, they will do something about it. That is not true.\u201d&nbsp;<\/em><\/p>\n\n\n\n<p>Second, it\u2019s impossible to cover all possible risk scenarios, especially those personalized to an individual or group of employees.&nbsp;<\/p>\n\n\n\n<p>For example, with social engineering campaigns, it\u2019s easy to spot \u201cNigerian prince\u201d emails but much more difficult to tell if an email or text that references your personal details and seems to come from someone you know is real or fraudulent.&nbsp;<\/p>\n\n\n\n<p>When it comes to passwords, employees may learn to use unique login credentials for corporate accounts but wind up including their personal information (like their spouse\u2019s name or date of birth) in their passwords.&nbsp;<\/p>\n\n\n\n<p>When that happens, the account is not actually secure. 
Cybercriminals can easily find employees\u2019 personal information through various OSINT tools, including social media profiles, public records, and data brokers.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"822\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media_43_3_60.webp\" alt=\"OSINT sources\" class=\"wp-image-9186\" style=\"width:550px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media_43_3_60.webp 960w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media_43_3_60-300x257.webp 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media_43_3_60-768x658.webp 768w\" sizes=\"(max-width: 960px) 100vw, 960px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/joindeleteme.com\/blog\/what-are-data-brokers\/\" target=\"_blank\" rel=\"noreferrer noopener\">Data brokers<\/a>, in particular, are worth a mention since they offer a lot of information in one place.&nbsp;<\/p>\n\n\n\n<p>These companies gather people\u2019s personal information from various sources, compile it into profiles, and sell these profiles to more or less anyone willing to pay for them.&nbsp;<\/p>\n\n\n\n<p>Profiles can include employee names, email addresses (personal and professional), phone numbers, education and employment history, and family details.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"968\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-44.png\" alt=\"Data broker profile \" class=\"wp-image-9187\" style=\"width:527px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-44.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-44-300x284.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2024\/03\/media-44-768x726.png 768w\" sizes=\"(max-width: 
1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-combat-personal-information-based-attacks\">How to Combat Personal Information-Based Attacks&nbsp;<\/h2>\n\n\n\n<p>There\u2019s a secondary measure that can help ensure employees aren\u2019t as vulnerable to cyber attacks: Digital footprint reduction.\u00a0<\/p>\n\n\n\n<p>Many cyber attacks utilize personal information, such as employee names, positions, emails, and so on.&nbsp;<\/p>\n\n\n\n<p>Reducing the amount of information available about employees online can reduce the chances they\u2019ll be targeted. If nothing else, it can limit the number of phishing attacks employees are exposed to.&nbsp;<\/p>\n\n\n\n<p>To reduce employees\u2019 online footprint, consider the following steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enrolling employees in a <a href=\"https:\/\/joindeleteme.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">data broker removal service like DeleteMe<\/a>. <a href=\"https:\/\/www.varonis.com\/blog\/contileaks\" target=\"_blank\" rel=\"noreferrer noopener\">Internal chat transcripts<\/a> from cybercriminal groups like Conti confirm that threat actors use data brokers for intelligence gathering.<\/li>\n\n\n\n<li>Educating employees about the risks of sharing personal details on social media and elsewhere online.&nbsp;<\/li>\n\n\n\n<li>Revisiting employees\u2019 public biographies on company sites and social media accounts.&nbsp;<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Learn about security training, including why it&#8217;s important, what it involves, and its 
limitations.<\/p>\n","protected":false},"author":14,"featured_media":9188,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[45],"class_list":["post-9184","b2b-post","type-b2b-post","status-publish","format-standard","has-post-thumbnail","hentry","b2b-category-resources"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/9184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/14"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/9184\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media\/9188"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=9184"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=9184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}