search

Identify the key elements of an education program for staff on cybersecurity

1 anos atrás
Comentários: 0
Visualizações: 73

While nearly 9 in 10 companies not only allow, but actually rely on their employees to access critical business apps using their personal devices, according to a recent Fortinet Threat Landscape Report, Android-based malware now represents 14% of all cyberthreats. And in addition to direct attacks, the number of compromised web sites, email phishing campaigns, and malicious access points continue to grow exponentially, infecting unsuspecting users – regardless of their devices –with spyware, malware, compromised applications, and even ransomware.

Show

And whenever a personal device of any of your employees becomes compromised, they can represent an increased risk to your organization as well. In addition to deploying mobile device management software and security clients to your employees, it is critical that you establish a cybersecurity awareness program that provides critical insights into how they can avoid these risks.

Here are five critical elements that ought to be part of any cyber security awareness program.

1. Beware of Public Wi-Fi

While most public Wi-Fi access points are perfectly safe, that’s not always true. Criminals will often broadcast their device as a public access point, especially in public locations like food courts or at large events. Then, when a user connects to the Internet through them, the criminal is able to intercept all the data moving between the victim and their online shopping site, bank, or wherever else they browse to.

Many smart devices will also automatically search for known connection points, like your home Wi-Fi. Newer attacks watch for this behavior and simply ask the device what SSID they are looking for. When the phone tells them it is looking for its ‘home’ router, the attack replies with, “I’m your home router,” and the phone goes ahead and connects.Smart devices will do the same thing with Bluetooth connections, automatically connecting to available access points.

To combat this issues, it’s a good practice for users to turn off Wi-Fi and Bluetooth until they are needed. In the case of wireless access, they should verify the SSID of a location, often by simply asking an establishment for the name of their Wi-Fi access point before connecting. Users should also consider installing VPN software so they can ensure they only make secure, encrypted connections to known services.

2. Use Better Passwords

Another mistake users make is using the exact same password for all their online accounts, usually because remembering a unique password for each site they have an account on may be impossible. But if a criminal manages to intercept that password, they now have access to all of the user’s accounts, including banking and shopping sites.The best option is to use a password vault that stores the username and password for each account, so all that needs to be remembered is the password for the vault. Of course, extra care must be taken to ensure that the vault password is especially strong and easily remembered. one trick for creating a strong passwords is to use the first letters of a sentence, song lyric, or phrase, insert capital letters, numbers, and special characters, and you’ve got a pretty secure password.

To be even more secure, consider adding two-factor authentication for any location where sensitive data is stored. It’s an extra step in the login process, but will significantly increase the security of their account and data.

3. Recognize Phishing

You’ve probably repeated to your users to never click on links in advertisements sent to their email or posted on web sites unless they check them first. There are a lot of tells, such as poor writing or grammar, complex or misspelled URLs, and poor layout that can be a key giveaway that an email is malicious.

But it turns out that there will always be someone who can’t resist opening an email, launching an attachment from someone they don’t know, or clicking on a link on a website – especially when it includes an enticing subject line. Which is why any educational efforts need to be supplemented with effective Email Security Gateway and Web Application Firewall solutions that can detect spam and phishing, validate links, and run executable files in a sandbox – even for personal email – to ensure that malicious traps simply do not get through to an end user.

4. Update Devices and Use Security Software

Users should have a corporate-approved security agent or MDM solution installed on any device that has access to corporate resources. This software also needs to be kept updated, and device scans should be run regularly.

Similarly, endpoint devices need to be regularly updated and patched. Network Access Controls should be able to detect whether security and OS software is current, and if not, users should be either redirected to a remediation server to perform necessary updates or alerted as to the unsecure status of their device.

5. Monitor Social Media

Criminals will often personalize an attack to make it more likely that a victim will click on a link. And the most common place for them to get that personal information is from social media sites. The easiest way to prevent that is to simply set up strict privacy controls that only allow pre-selected people to see your page. Individuals wanting an open social media profile need to carefully select who they will friend. If you don’t know someone, or if anything on their personal site seems odd, dismiss their request. And even if the person is someone you know, first check to see if he or she is already a friend. If so,there’s a significant possibility that their account has been hijacked or duplicated.

Keep Training Messages Short, Clear, and Regular

It is essential that you develop a comprehensive and effective security strategy for your users who have personal endpoint devices connected to your network. But don’t make the mistake of burying them in information. Break information down into easily digestible chunks. Provide a daily security tip. Post messages around the company, such as in the hallways or break room. Get the executive team to mention it in staff meetings. And provide checks, such as your own phishing emails, to help identify users that might need additional attention.

Learn more about Fortinet’s NSE Institute programs, including the Network Security Expert program, Network Security Academy program and FortiVets program.

Copyright © 2019 IDG Communications, Inc.

With the pandemic increasing the number of employees working from home to about 70%, based on a PwC survey, remote work brings its own dangers. The use of employee-owned devices, unsecure connections, and improper device usage leave companies vulnerable to a host of network intrusions. This is where training employees about cybersecurity awareness is a must.

Why is Cybersecurity Awareness Important?

According to the National Institute of Standards and Technology, organizations “should assume that malicious parties will gain control of telework client devices and attempt to recover sensitive data from them or leverage the devices to gain access to the enterprise network.”

Some of the ways they can gain access include:

  • Device loss or theft
  • Social engineering tactics
  • Phishing
  • Malware and ransomware
  • Zero-day exploits
  • Macro and script attacks
  • Botnet attacks
  • Neglecting to stay on top of OS patches, antivirus updates, and other critical upgrades.

7 Cybersecurity Awareness Best Practices for Employees

For minimizing the risk of a network intrusion, it’s necessary to bolster your first line of defense against external threats, aka training your employees on cybersecurity awareness. Here are 7 ways you can educate your remote workers on best security practices.

Make Cybersecurity Clear To Your Employees

The first step to getting employees acquainted with cybersecurity education is to outline a clear message about what is occurring in your company regarding cybersecurity.  Such a message needs to be understandable, relatable, and diversified.

  • Understandable – Avoid technical jargon that may confuse employees and cloud your message. When possible, use simplified terms that are accessible to the non-tech-minded layman.
  • Relatable – When talking about external threats, make it less about the central network and more about personal computer safety and home network intrusion. This way, employees can personally relate to the danger if it’s framed in terms of their phone or laptop.This enables them to have a personal stake in the security plan: no one wants to be the reason for a data breach that affects the whole company.
  • Diversified – A simple email outlining everything may not be enough. Think about how many emails the individual employee receives. By diversifying your communications strategy, you can ensure that employees read the message instead of dismissing it as just another announcement.

Encourage Taking Great Care Over Your Devices

A Forrester survey found that 15% of company breaches are caused by lost or missing devices. Whether it’s a corporate or personal device, training your employees about cybersecurity includes bringing awareness that their gadget acts as a gateway to your organization’s network. This makes it important to take care of their device and use it properly even in the confines of their home.

Help increase good device ownership by conducting the following:

  • Teach the difference between personal and corporate usage.
  • Make it mandatory to have a work account that’s subject to monitoring, restricted installations, and web filtering.
  • Beware of old-fashioned loss and theft.
  • Make sure security patches and OS updates are followed.

A device management and monitoring solution, such as our Multi-OS Device Remote Management can help mitigate risk by automating the push updates and tracking the device’s status and its location at all times. But this should only serve as a backup, and end-user security best practices should rest with the employee.

Teach Employees How to Spot Suspicious Activity

Improve your employees' eyes in spotting suspicious activities to enhance their cybersecurity awareness by teaching them to watch for the following signs:

  • Sudden appearance of new apps or programs on their devices
  • Strange pop-ups during startup, normal operation, or before shutdown
  • The device slows down
  • New extensions or tabs in the browser
  • Loss of control of the mouse or keyboard

Encourage your employees to report suspicious signs immediately. Even if it turns out to be a false alarm, it might still be beneficial to the employee by clearing up errors in their device that hamper productivity.

Identify the key elements of an education program for staff on cybersecurity

Reinforce Confidentiality

Working from home tends to make people more complacent, and this extends to cybersecurity. Drill the importance of passwords and authentication even if they work in their PJs. Just because they’re relaxed doesn’t mean security has to be.

To avoid cybersecurity threats regarding confidentiality, train your employees by conducting the following:

  • Enact periodic and unique password changes.
  • Teach employees about the dangers of using universal passwords, and use real-world examples from past data breaches. They might even want to see if their personal account passwords have been pawned.
  • Discuss the rationale behind VPNs, multi-factor authentication, and other secure log-on processes, and why they are important despite being time-consuming.
  • To combat unsecured storage of company data, provide concrete examples of stolen data incidents caused by an errant thumb drive or compromised personal Dropbox account.

Examine Individual Cases of Cybersecurity Breaches

Unlike an office environment with a controlled network, your employees’ home computer security can vary widely. Some may connect through their home Wi-Fi, while others may use connections from the public Wi-Fi at a coffee shop.

Some may have older devices that are no longer supported by security patches, and it may be necessary to address those concerns by:

  • Encouraging employees to use their company-provided devices. If it’s BYOD, check the device brand and model year to see if there are outstanding exploits.
  • Do a security sweep of home networks. For example, some older routers may have weaker WEP protocols instead of WPA-2, or some may even have the default password!
  • Pay attention to nomad employees and devise a security policy for them, since roaming data or public Wi-Fi hotspots bring their unique threats.

Take Advantage of Online Cybersecurity Courses

There are plenty of online resources when it comes to training employees on cybersecurity awareness, and not all of them have to be paid.

For management:

For employees:

  • The National Institute of Standards and Technology has a list of free and low-cost online training content specifically designed for employees, including webinars, short courses, quizzes, and certification.
  • This webinar series from the National Cybersecurity Alliance releases one video every other month, starting in November 2019, and ending in November 2020.
  • ESET offers a free one-hour training course that teaches best practices for remote employees. The paid version includes dashboard tracking of employee progress, phishing simulator, and certification and Linkedin badges.
  • FEMA’s IS-0906 course on workplace security awareness takes only 1 hour and tackles risks, prevention measures, and response actions for remote employees.

Make Cybersecurity Awareness an Ongoing Conversation

On average, corporate workers spend up to a quarter of their workday on email-related tasks. This makes a one-shot email message about cybersecurity a poor choice, since they may not be able to appreciate the significance or absorb the information in one sitting.

Here are some best practices to take with outlining a cybersecurity announcement to your employees:

  • Use different approaches to cybersecurity education, such as regular announcements or newsletter updates.
  • For each update, follow the KISS rule: Keep It Short and Simple. This way they can glean the message and retain the information amid their hectic day.
  • Follow current trends. If there’s a new type of crypto-malware or exploit that crashes phones with a single message, make sure it reaches your members.
  • Use eye-catching tactics each time to get them to absorb the message. Instead of listing dry statistics or do’s and don’ts, try colorful infographics. For long topics, try a video explanation.
  • You can even try cybersecurity tests to see if the lessons stick. For example, as part of its email safety education, HP sends out test phishing messages and congratulates employees that report it to IT.

Final Thoughts

Training your employees about cybersecurity awareness allows them to understand how they play a role in protecting your company. . Rather than being just another cog in the organization, they are the first set of eyes that guard against external threats. By encouraging vigilance and good cybersecurity awareness, is something that they can carry well beyond the confines of the office, even after things return to normal.

Identify the key elements of an education program for staff on cybersecurity

About the author

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.

Identify the key elements of an education program for staff on cybersecurity

Protect your fleet with Prey's reactive security.

Start a Trial

Identify the key elements of an education program for staff on cybersecurity

The quest for security already started. Party-up with Prey and catch up faster.

Where do I start?

Postagens relacionadas

Average temperature of ocean water
Average temperature of ocean water

What is the term used in referring to the degree of being able to achieve the desired result based on their objective or purpose?
What is the term used in referring to the degree of being able to achieve the desired result based on their objective or purpose?

How does the substitution effect work on the demand for goods?
How does the substitution effect work on the demand for goods?

What impact did silver have on Spain?
What impact did silver have on Spain?

Is executing simple harmonic motion with frequency n the frequency of its potential energy?
Is executing simple harmonic motion with frequency n the frequency of its potential energy?

Difference between ARMY membership and ARMY membership: Merch Pack
Difference between ARMY membership and ARMY membership: Merch Pack

A set of programs that coordinate all the activities among computer or mobile device hardware.
A set of programs that coordinate all the activities among computer or mobile device hardware.

Which of the following is not a type of iteration statement in java?
Which of the following is not a type of iteration statement in java?

Samsung tv set default sound output
Samsung tv set default sound output

Employees will view the behaviour of _____ as a benchmark for defining appropriate behaviour.
Employees will view the behaviour of _____ as a benchmark for defining appropriate behaviour.

Publicidade

ÚLTIMAS NOTÍCIAS

The method of programmed conflict that assigns a person to the role of critic is known as ______.
1 anos atrás . por JuvenileConfidant
Average temperature of ocean water
1 anos atrás . por SunnyPublisher
What is the term used in referring to the degree of being able to achieve the desired result based on their objective or purpose?
1 anos atrás . por DisruptiveComplexity
How does the substitution effect work on the demand for goods?
1 anos atrás . por IncompleteBowling
What impact did silver have on Spain?
1 anos atrás . por InsolentLine-up
Is executing simple harmonic motion with frequency n the frequency of its potential energy?
1 anos atrás . por ReformedEvacuation
Difference between ARMY membership and ARMY membership: Merch Pack
1 anos atrás . por DomedOrientalism
A set of programs that coordinate all the activities among computer or mobile device hardware.
1 anos atrás . por KnowledgeableStimulus
Which of the following is not a type of iteration statement in java?
1 anos atrás . por PlayingTranslation
Samsung tv set default sound output
1 anos atrás . por TartConspiracy

Toplistas

#1
Top 8 considere o conjunto a = (0, 1, 4, 5, 7, 8 utilizando os elementos desse conjunto responda) 2022
1 anos atrás
#2
Top 6 cardapio para marmitas congeladas 2022
1 anos atrás
#3
Top 8 28 semanas e 6 dias são quantos meses 2022
1 anos atrás
#4
Top 9 resultado do jogo do bicho da corujinha deu no poste 2022
1 anos atrás
#5
Top 4 palavras oxitona paroxitona proparoxitona 2022
1 anos atrás
#6
Top 8 lis significado do nome 2022
1 anos atrás
#7
Top 6 como tirar estrias branca com óleo de cozinha 2022
1 anos atrás
#8
Top 8 sonhar com nossa senhora aparecida livro dos sonhos 2022
1 anos atrás
#9
Top 7 10- a região onde se concentra a indústria de tecnologia de ponta, nos estados unidos, é: 2022
1 anos atrás
#10
Top 6 com relação ao conceito de aprendizagem colaborativa e correto afirmar que 2022
1 anos atrás

Publicidade

Populer

Publicidade

Sobre

Jurídica

Ajuda

Social

hometrjp
direito autoral © 2024 mesadeestudo Inc.