{"id":9857,"date":"2024-04-02T07:11:01","date_gmt":"2024-04-02T11:11:01","guid":{"rendered":"https:\/\/joindeleteme.com\/?p=9857"},"modified":"2024-06-13T08:45:00","modified_gmt":"2024-06-13T12:45:00","slug":"importance-of-security-awareness-training-10-factors-to-consider","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/importance-of-security-awareness-training-10-factors-to-consider\/","title":{"rendered":"Importance of Security Awareness Training: 10 Factors to Consider\u00a0"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#10-reasons-for-security-awareness-training\">10 Reasons for Security Awareness Training\u00a0<\/a><ul><li><a href=\"#1-most-breaches-start-with-humans\">1. Most breaches start with humans<\/a><\/li><li><a href=\"#2-there-are-more-attacks-targeting-humans\">2. There are more attacks targeting humans\u00a0<\/a><\/li><li><a href=\"#3-threat-actors-and-the-tools-they-have-are-getting-more-sophisticated\">3. Threat actors (and the tools they have) are getting more sophisticated\u00a0<\/a><\/li><li><a href=\"#4-security-awareness-training-can-be-part-of-compliance-requirements\">4. Security awareness training can be part of compliance requirements\u00a0<\/a><\/li><li><a href=\"#5-consumers-care-about-their-privacy\">5. Consumers care about their privacy\u00a0<\/a><\/li><li><a href=\"#6-a-strong-security-culture-doesnt-happen-by-accident\">6. A strong security culture doesn\u2019t happen by accident\u00a0<\/a><\/li><li><a href=\"#7-it-and-security-teams-can-have-a-lighter-load\">7. IT and security teams can have a lighter load<\/a><\/li><li><a href=\"#8-knowing-what-an-attack-looks-like-can-help-reduce-response-times\">8. Knowing what an attack looks like can help reduce response times\u00a0<\/a><\/li><li><a href=\"#9-aware-employees-a-network-of-security-advocates\">9. 
Aware employees = a network of security advocates\u00a0<\/a><\/li><li><a href=\"#10-a-deeper-understanding-of-cyber-attacks-on-the-business\">10. A deeper understanding of cyber attacks on the business\u00a0<\/a><\/li><\/ul><\/li><li><a href=\"#why-security-awareness-training-is-not-enough\">Why Security Awareness Training Is Not Enough\u00a0<\/a><\/li><li><a href=\"#reducing-the-risk-of-personal-information-attacks\">Reducing the Risk of Personal Information Attacks<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>What\u2019s the importance of security awareness training?<\/p>\n\n\n\n<p>In this guide, we\u2019ll review 10 reasons every organization should consider implementing security awareness training.&nbsp;<\/p>\n\n\n\n<p>We&#8217;ll also tell you why training alone isn\u2019t foolproof (hint: it has something to do with the amount of employee personal information available online) and the additional steps you can take to empower your \u201chuman firewall.\u201d&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"10-reasons-for-security-awareness-training\">10 Reasons for Security Awareness Training&nbsp;<\/h2>\n\n\n\n<p>Below are 10 reasons security awareness training makes sense for every organization.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"1-most-breaches-start-with-humans\">1. 
Most breaches start with humans<\/h3>\n\n\n\n<ol class=\"wp-block-list\"><\/ol>\n\n\n\n<p>No matter how advanced your network security controls are, a human being can jeopardize your organization in a few seconds.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/WbU5ZVuCjvzZzQyoP3mKowFV8QkAYdYh6c5eTlhDOTESHrEYiZLE4Zp0agRjWWhoPWP6h3heG4hVKAdHqWcjMM7zFS-bAYfCObY9QftL-HfivGIcLeFWie4b00tc67QDnfveX3cdJfwYRYosyZXNxCQ\" alt=\"Twitter\/X post about a data breach that happened with human error\" style=\"width:416px;height:auto\" \/><\/figure>\n\n\n\n<p>About three-quarters (<a href=\"https:\/\/inquest.net\/wp-content\/uploads\/2023-data-breach-investigations-report-dbir.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">74%<\/a>) of breaches involve the human factor. Think employees making errors, misusing their account privileges, having their credentials stolen, or falling victim to social engineering attacks.<\/p>\n\n\n\n<p>A lot of the time, it\u2019s simple mistakes, like employees reusing passwords across work and home devices (<a href=\"https:\/\/www.keeper.io\/hubfs\/Workplace-Password-Malpractice-Report-2021.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">44% <\/a>do this) or not changing credentials after a data breach (<a href=\"https:\/\/www.lastpass.com\/resources\/ebook\/psychology-of-passwords-2021\" target=\"_blank\" rel=\"noreferrer noopener\">45%<\/a> admit to this), that expose your organization to unnecessary risk.\u00a0<\/p>\n\n\n\n<p>It\u2019s not getting any better, either &#8211; the number of people reporting password reuse <a href=\"https:\/\/engage.spycloud.com\/rs\/713-WIP-737\/images\/spycloud-report-2022-annual-identity-exposure-report.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">is growing<\/a>, not shrinking.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"2-there-are-more-attacks-targeting-humans\">2. 
There are more attacks targeting humans\u00a0<\/h3>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\"><\/ol>\n\n\n\n<p>Even with decent security strategies, companies are at risk due to the sheer volume of attacks their employees are experiencing. In 2023, phishing attacks were the <em>top cause<\/em> of reported data breaches.&nbsp;<\/p>\n\n\n\n<p>The average organization receives <a href=\"https:\/\/assets.barracuda.com\/assets\/docs\/dms\/2023-spear-phishing-trends.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">up to five<\/a> targeted phishing attacks every day, putting employees on the front lines of determining whether an email is legitimate.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"3-threat-actors-and-the-tools-they-have-are-getting-more-sophisticated\">3. Threat actors (and the tools they have) are getting more sophisticated\u00a0<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.homesecurityheroes.com\/ai-password-cracking\/\" target=\"_blank\" rel=\"noreferrer noopener\">AI-driven password crackers<\/a> can now crack the most common passwords in under a minute, and deepfake tools can produce impersonations so convincing that employees have reportedly <a href=\"https:\/\/edition.cnn.com\/2024\/02\/04\/asia\/deepfake-cfo-scam-hong-kong-intl-hnk\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">paid out $25 million<\/a> to criminals.\u00a0<\/p>\n\n\n\n<p>By regularly training employees, you can help them stay current with the latest threats and teach them how to recognize and respond to them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"4-security-awareness-training-can-be-part-of-compliance-requirements\">4. 
Security awareness training can be part of compliance requirements\u00a0<\/h3>\n\n\n\n<p>Many industries have regulations that require organizations to maintain certain security standards, including regularly educating their workforce about security.&nbsp;<\/p>\n\n\n\n<p>Training helps organizations comply with laws such as HIPAA that mandate data protection and privacy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"5-consumers-care-about-their-privacy\">5. Consumers care about their privacy\u00a0<\/h3>\n\n\n\n<p>When customers know that a company trains its employees in security practices, they may have more trust and confidence in that company\u2019s ability to protect their sensitive data.&nbsp;<\/p>\n\n\n\n<p>Unfortunately, most companies seem to fall short &#8211; <a href=\"https:\/\/www.arcserve.com\/blog\/consumers-sound-impact-ransomware-purchasing-behavior-and-brand-loyalty\" target=\"_blank\" rel=\"noreferrer noopener\">70%<\/a> of consumers think that companies aren\u2019t doing enough to protect their data.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"6-a-strong-security-culture-doesnt-happen-by-accident\">6. A strong security culture doesn\u2019t happen by accident\u00a0<\/h3>\n\n\n\n<p>It&#8217;s not just the IT department&#8217;s job to ensure security; every employee plays a part. 
The problem is, they might not know it.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>71% of employees say they took a risky action, and 96% did so <em>knowingly, <\/em>according to the <a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/threat-reports\/pfpt-us-tr-state-of-the-phish-2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">State of the Phish<\/a> survey.\u00a0<\/li>\n\n\n\n<li>Just <a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/threat-reports\/pfpt-us-tr-state-of-the-phish-2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">41%<\/a> of users said they <em>know <\/em>they are responsible for cybersecurity at their workplace. 7% said they\u2019re not responsible at all, and 52% weren\u2019t sure.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>One of the main reasons employees take risky actions is that they\u2019re not sure who is accountable for security.&nbsp;<\/p>\n\n\n\n<p>What\u2019s particularly worrying is that there appears to be a disconnect between what employees believe and what security professionals think. More than 8 in 10 security professionals think most employees know they\u2019re responsible for cybersecurity.&nbsp;<\/p>\n\n\n\n<p>Security awareness training helps build a strong security culture where security becomes a shared responsibility.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"7-it-and-security-teams-can-have-a-lighter-load\">7. IT and security teams can have a lighter load<\/h3>\n\n\n\n<p>Well-trained employees reduce the workload on IT departments by minimizing preventable security incidents.&nbsp;<\/p>\n\n\n\n<p>For example, an employee who is able to spot a targeted phishing attack won\u2019t share sensitive information with criminals or enable ransomware. 
This allows IT professionals to spend more time on strategic initiatives, including implementing preventative measures.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"8-knowing-what-an-attack-looks-like-can-help-reduce-response-times\">8. Knowing what an attack looks like can help reduce response times\u00a0<\/h3>\n\n\n\n<p>Trained employees are more likely to spot and report security incidents quickly, reducing the potential damage and aiding in rapid response and mitigation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"9-aware-employees-a-network-of-security-advocates\">9. Aware employees = a network of security advocates\u00a0<\/h3>\n\n\n\n<p>Employees who are well-versed in security practices can advocate for security within their teams, promoting good practices among their peers and contributing to the security culture of the organization.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"10-a-deeper-understanding-of-cyber-attacks-on-the-business\">10. A deeper understanding of cyber attacks on the business\u00a0<\/h3>\n\n\n\n<p>Through training, employees better understand how their actions impact business continuity.&nbsp;<\/p>\n\n\n\n<p>For example, they can learn why it&#8217;s crucial to follow procedures for data backup, secure remote access, and proper handling of sensitive information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-security-awareness-training-is-not-enough\">Why Security Awareness Training Is Not Enough&nbsp;<\/h2>\n\n\n\n<p>Even though security awareness training can improve employees\u2019 ability to spot and stop attacks, it\u2019s not enough to completely prevent data breaches.&nbsp;<\/p>\n\n\n\n<p>This is partly due to human psychology. 
Even after receiving training, employees are likely to use <a href=\"https:\/\/securitybrief.co.nz\/story\/despite-cybersecurity-training-85-of-employees-still-reuse-passwords-report\" target=\"_blank\" rel=\"noreferrer noopener\">easy-to-remember passwords<\/a> (that are just as easily decoded) and <a href=\"https:\/\/atlasvpn.com\/blog\/1-in-5-employees-fall-for-phishing-emails-even-after-a-security-training\" target=\"_blank\" rel=\"noreferrer noopener\">fall for phishing scams<\/a>.<\/p>\n\n\n\n<p>Another part of the problem is that attacks can come from multiple directions, and businesses aren\u2019t adequately preparing their workforce for it.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/threat-reports\/pfpt-us-tr-state-of-the-phish-2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">73%<\/a> of organizations reported a Business Email Compromise (BEC) attack in the past year, but only 29% are teaching their users about it. Similarly, only <a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/threat-reports\/pfpt-us-tr-state-of-the-phish-2024.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">23%<\/a> of organizations train their users on how to recognize and prevent telephone-oriented attacks, even though reports of these have risen in the recent past.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/1Kma2cGfgMu3uX0Uw2VUitYqa7RWyin2erT1YkCBbIlzKWj91LN2h4TtKcC4P1ndD17tO_7KUBEOZ3A6e4xaMO8VNuM3WXoYYP2_QKBeMJO9nUJvCqKBrhk0a-3gBQXe8cwY0Cks10AL-zRtRi8B-bA\" alt=\"Reddit post about security awareness training \" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"reducing-the-risk-of-personal-information-attacks\">Reducing the Risk of Personal Information Attacks<\/h2>\n\n\n\n<p>Attackers are increasingly using employees\u2019 personal information to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tailor their phishing campaigns (whether email, 
text, or phone call) to their targets.<\/li>\n\n\n\n<li>Impersonate them to their colleagues.<\/li>\n\n\n\n<li>Access their accounts by guessing their passwords and security questions.<\/li>\n<\/ul>\n\n\n\n<p>Educate your employees about the importance of shrinking their online footprints to reduce your human attack surface.<\/p>\n\n\n\n<p>The less information exists about employees online, the less cyber criminals will have to work with when guessing passwords or creating targeted spear phishing attacks.&nbsp;<\/p>\n\n\n\n<p>Ideally, you should train your employees on the importance of keeping their online presence private. This includes limiting the amount of personal information they share publicly on social media and removing personally identifying information from blogs, forums, and other online accounts.&nbsp;<\/p>\n\n\n\n<p>You should also enroll them in a data broker removal service.&nbsp;<\/p>\n\n\n\n<p>According to leaked <a href=\"https:\/\/www.varonis.com\/blog\/contileaks\" target=\"_blank\" rel=\"noreferrer noopener\">internal chat transcripts<\/a> from cybercriminal groups, data brokers are one of the biggest sources of employee information.\u00a0<\/p>\n\n\n\n<p><a href=\"https:\/\/joindeleteme.com\/blog\/what-are-data-brokers\/\" target=\"_blank\" rel=\"noreferrer noopener\">Data brokers<\/a> are companies that collect public information into single profiles and then sell them to any parties willing to pay a small fee.\u00a0<\/p>\n\n\n\n<p>Profiles can include details like employees\u2019 names, phone numbers, email addresses, family information, employment history, education, and organizational charts. 
In short, everything a criminal needs to plan and execute an attack.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-us.googleusercontent.com\/AdAnQklr8zxBoVGaCFvb_3C-eMXU4ycLUQzHtYZLDZC_DlYhPJUqsCXbv_rxjY1A-c6Ocrlrt0b8y9ZBj8qvlFniFCtPZSV4kzdkL-x4ITUvGZOqTq9JerUmpYk6Dv3C6AVQAvGo1hUvZUk9PUkOz70\" alt=\"Data broker profile\" \/><\/figure>\n\n\n\n<p>While it is possible to manually opt out of data brokers, doing so at scale and continuously is difficult (data brokers relist people as soon as they find more data on them).&nbsp;<\/p>\n\n\n\n<p>As a result, many organizations choose to subscribe their employees to a <a href=\"https:\/\/business.joindeleteme.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">data broker removal service such as DeleteMe.\u00a0<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What\u2019s the importance of security awareness training? In this guide, we\u2019ll review 10 reasons every organization should consider implementing security awareness training.&nbsp; We&#8217;ll also tell you why training alone isn\u2019t foolproof (hint: it has something to do with the amount of employee personal information available online) and the additional steps you can take to empower 
[&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":9858,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[45],"class_list":["post-9857","b2b-post","type-b2b-post","status-publish","format-standard","has-post-thumbnail","hentry","b2b-category-resources"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/9857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/14"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/9857\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media\/9858"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=9857"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=9857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}