Blog

The greatest threat to any organization is that employees may have the confidential data, policies and procedure of their employer organization. In order to prevent from stealth of such information, an organization has to set up and update its internal security processes and has to implement them strictly. It also has to train the employees and make them well aware of the security threats through security awareness and training.

One of the latest and most common threats to information security organizations actually comes from within the organization. It is not always the disgruntled employees and corporate spies who are threat to organizational data; rather, sometimes it can be the untrained employees as well. This article will mainly focus on untrained employees who can be a threat to data and network security of an organization. These employees can browse a website which may be infected with malware and which can save their login information in an unsecured location. Moreover, replying to phishing emails can also make their data vulnerable which can be exposed through reverse engineering. The best way to make sure that employees will not make such costly mistakes is to provide them with security awareness trainings. Though such trainings, an organization can make sure that employees have better understanding of organizational security policy and procedure.

Training Types

Security awareness trainings can be provided in different ways i.e. they can be utilized for employees in groups as well as can be directed to an individual employee. The medium of training includes  a classroom for training, security awareness website,  a security policy and procedure document for using email accounts, posters and visual aids, etc. which can be helpful for employees during the training programs.

Classroom Training

Delivering a training for security awareness can be beneficial for each employee as this type of training can be held for all employees in groups. The question and answer session can be held in this type of training in which the essential steps for security of organizational data can be elaborated by the trainer to the employees. Training time should be well enough to educate and train employees about security risks.

Website based Training

Website based training covers different sections e.g. file sharing, password policy, malware and types. It also includes audio, video, visuals, manuals formatting and external links. Self-based tutorials and quizzes are also held from which employees get knowledge about security protocols. The login and sign-in processes are included for each employee for this training so as to know that who has attended the training and who has not. Open question forum helps employees to ask questions which would have been missed out in training.

Useful Hints Training

Useful hints can be delivered through classroom and website or online training which can be helpful for creating awareness about security protocols. These hints consist of reminder notes and tips that are pushed to user screens when they login. Tips are made up of important notes that each employee should remember as security measures. Reminders are placed to make sure that employees run their scheduled tasks.

Visual Training

Visual training is used to share security awareness training through visual ads and quotes related to security features. Training through visuals is the best way to transfer message to all recipients.

Topic for Training

• Physical Security

The physical security cover involves locking your office door, cabinets, drawers because they could be the main focus of hackers. Training should include some statistics from the organization in past years. If an attacker or hacker can get access to any employee’s unlocked computer machine, then the hacker may install some malicious software, root kit, or key logger in it. The attacker who has physical access to that machine can generate any possible security breach for that computer.

• Computer System Security

The main step for applying computer (e.g. laptop, desktop) security is using passwords for computers for protecting them. The employee should have the habit of locking computer when he/she is going away from his/her computer. Proper password protected screensaver must be enabled so when the user is away that would come up automatically.

• Password Security

Password security should be implemented and enforced to each employee’s computer machine. Password or passphrase should be strong or difficult enough to crack and guess. In policy and procedure document, password strength and minimum length must be defined and explained. Security policy must strongly discourage the sharing of passwords and disclosing them in public. This rule regarding password policy should be enforced strictly.

• Phishing

Phishing security training includes things to be avoided carefully e.g. suspicious links in email, submitting confidential banking or other personal information via email, or any other communication source which the employees use on internet.

Conclusion

Security awareness training is the important aspect for any organization. Every employee should be properly informed about prevention and proposed remediation procedure for data security purposes. It will help organizations to evade facing a lot of problems that could affect or damage the security of the organization and consequently, can provide an opportunity to the hackers to tarnish the reputation of the organization. Therefore, the security awareness training is necessary to help employees to learn about prevention from malicious activity and data-theft.