Importance of security awareness training during the pandemic

COVID-19 has changed the way people work all around the world. The need for social distancing has made professional interactions less physical and more virtual, and working from outside an organization’s premises is now commonplace. Such changes in business scenarios may cause new cybersecurity risks to arise, or known risks to change, and organizations need to ensure that their employees know what needs to be done in these situations.

How to improve the security awareness of employees during the pandemic:
  • Identify the most relevant information security risks your employees are exposed to;
  • Identify legal requirements the organization must fulfill regarding protection of information;
  • Consider how to deliver your message and how the content must be prepared;
  • Define the target groups’ profile;
  • Develop the security awareness plan.

But how should you provide security awareness? And about which topics? Inadequate approaches, as well as too much or too little information, will only confuse people and complicate things.

This article will present how ISO 27001, the leading ISO standard for information security management, can help organizations provide security awareness training for their employees, with optimized effort and costs, in a way that allows people to receive proper and useful information on how to identify and handle cybersecurity risk situations.

What is security awareness training?

In short, security awareness training is any activity with the purpose of making people understand why security is needed. For example, it does not explain how to perform a backup; rather, it explains why backups are important for a company.

Its main characteristics are:

  • it does not go deeper into processes and methods (when needed, it includes references to policies, procedures, or other materials that may be consulted later);
  • the content / duration is brief (e.g., a one- or two-page document, or a five- to 10-minute

*** This is a Security Bloggers Network syndicated blog from The ISO 27001 & ISO 22301 Blog – 27001Academy authored by The ISO 27001 & ISO 22301 Blog – 27001Academy.