An organization’s employees are one of the biggest risks to its cybersecurity. In fact, human error is considered the leading cause of data breaches.
However, employees can also be a huge asset to an organization’s cybersecurity. If they are given the knowledge they need to identify cyberthreats, through an effective and engaging security training program, they can act as another line of defense for the organization.
When designing a cybersecurity training program, it’s important to ensure that it covers the cyberthreats that an organization is most likely to face. This article outlines the ten most important security awareness topics to be included in a security awareness program.
1. Email scams
Phishing attacks are the most common method that cybercriminals use to gain access to an organization’s network. They take advantage of human nature to trick their target into falling for the scam by offering some incentive (free stuff, a business opportunity and so on) or creating a sense of urgency.
Phishing awareness should be a component of any organization’s security training program. This should include examples of common and relevant phishing emails and tips for identifying attempted attacks, including:
- Do not trust unsolicited emails
- Do not send any funds to people who request them by email, especially not before checking with leadership
- Always filter spam
- Configure your email client properly
- Install antivirus and firewall programs and keep them up to date
- Do not click on unknown links in email messages
- Beware of email attachments. Verify any unsolicited attachments with the alleged sender (via phone or other medium) before opening them
- Remember that phishing attacks can occur over any medium (including email, SMS, enterprise collaboration platforms and so on)
Malware is malicious software that cybercriminals use to steal sensitive data (user credentials, financial (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Bo562Yssu5M/