Cyber Security Awareness
What is cybersecurity awareness training?
Employees play a major role in securing your business.
Why is it so important for businesses?
Increased security is the obvious reason why all businesses, big or small, should have employees of all levels learn the importance of protecting themselves and your company from “human exploits” and cyber attacks.
- 10% of SMBs went out of business after experiencing a data breach. (National Cyber Security Alliance)
- 85% of data breaches in 2021 were due to the “human element.” (Verizon 2021 Data Breach Investigations Report)
- The average cost of a data breach in 2020 was $4.24 million. (Ponemon Institute/IBM Cost of a Data Breach Report 2021)
Many compliance regulations such as HIPAA, PCI, SOX, GDPR and CCPA, and even some insurance requirements, require cybersecurity training for all employees.
Video Transcription: Information Security Awareness
The purpose of security awareness training is to make all employees aware of information security policies, help us deal with problems when they arise, and to meet our compliance training requirements. We can have all the systems and technical controls in the world; but if we as human beings fail to follow our policies and security practices, then the whole system breaks down.
So first, what's the risk? What's the big deal? Well, there's a monetary risk. Your company could be fined if you're not found compliant with the laws in place. There's also a legal risk if an employee violates the law-- knowingly or unknowingly. And that risk extends to both the company and the individual.
Most importantly, though, there's a risk of damaging the company's reputation. You've seen it plenty of times where very big companies end up in the news due to data breaches. And you don't want that to happen.
There are a number of technology-related reasons for data breaches, such as new viruses or malware. But the overwhelming number of data breaches are caused by human error and carelessness. A sensitive document is left out in the open. A computer is left unattended for a few minutes without password protection. Sensitive information is sent over unencrypted email without a password.
Another cause of breach is social engineering. Techniques can be as simple as calling a company office, claiming to be from another company location, and asking for protected information. It's surprising how often this works.
Let's discuss some specific actions you can take. One, update your anti-virus and anti-malware software. Two, don't install unapproved software. Three, keep your computer's operating system current by installing updates when you are notified of them. Four, log off or lock your computer screen when not in use and make sure to use a password-protected screensaver.
Five, physically lock up documents that contain sensitive information when not in use. Six, adopt a clear screen, clear desk approach to your work. Seven, never write your passwords down. A password written on the sticky note on your monitor is the same as not having a password at all. And eight, never open email attachments that come from people you don't know.
The key is to make security a habit and to report suspicious or potential security issues to your local information security officer. Work on making security a habit and help protect all of your company's data, resources, and reputation.
That's all for this video. Thanks for watching.