Good information security awareness training can turn your workforce into the strongest line of defence instead of the ‘weakest link’. Around 70 – 80% of all breaches can be attributed to the human element, yet companies often focus their resources on software-based security solutions.
Where do we start?
If you haven’t already found our post “What’s the difference between Information Security and Cyber Security?”, it is a worthwhile read.
Information Security Awareness Training is key to instilling a culture of information security awareness within organisations. It sounds obvious but it’s critical to safeguarding important data and IP – security software solutions on their own will not guard against malicious attack if your users inadvertently provide a way to circumvent them. If there is a silver bullet against the threat of cyber-attacks, it’s education. Loss of data subjects’ personal data, company intellectual property and financial information can result in negative publicity, large fines and most importantly can have a drastic effect on people’s lives.
Information Security Awareness Training should be as mandatory as Health and Safety or Company Induction training. But it must not be just a ‘box ticking’ exercise. For the training to be effective it must really get into employees’ heads; it should resonate with them, not just in their work lives but in their personal lives too. It needs content that genuinely piques their interest and inspires them to become constantly vigilant to information security threats.
Turn your workforce into ‘First Responders’
First responders in emergencies are those who arrive at the scene of an incident, assess the immediate medical priorities, apply necessary first aid and co-ordinate further, more specialised assistance and transportation.
So then, imagine a first responder working in an office, behind a screen.
A malicious, malware-ridden email comes in; they spot it, isolate it, neutralise it and then forward it on to the appropriate IT security resource for further in-depth investigation and remediation. That same person, when a spear-phishing email arrives in their inbox, is able to spot the inconsistencies, possibly see that the address has been spoofed but, in any event, can fall back on their company’s forward-thinking policy that dictates that certain protocols must be followed before any funds are transferred, thus stopping a costly and embarrassing theft of company money.
Now imagine that the first responder I’m talking about isn’t just one member of your staff, it’s all of them – the whole workforce. That’s all your staff on the lookout for emails of ill intent. All your staff making sure that person wandering around the office without a pass is authorised to be there. All your staff following correct information security procedures.
Now imagine how secure your workplace has just become. Feels good, doesn’t it?
Well, what you’re imagining is what an organisation that has implemented a comprehensive information security awareness programme looks like.
eRiskology™: The Way to Instil a Security Aware Culture in your business.
We’ve collated our years of experience of delivering comprehensive information security awareness programmes to organisations, packaged it up and given it a name.
eRiskology™ is an organic, 3-year programme – applying simple, intuitive and personal multi-media messaging through 4 harmonised pathways. The pathways are designed to measure existing and changing awareness states through the capture of key performance indicators, collected to confirm and measure cultural change. These behaviour changes are also verified through live social engineering tests, conducted against your workforce. Our programme gets the information in their heads and proves it’s in their heads.