Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure describes information security concepts and defines steps required to properly safeguard information. It is the responsibility of everyone (each employee and home user) to become familiar with good security principles and to follow the information protection tips.
Why You Need Cyber Security Awareness Training
The mantra among advanced cyber security experts for years has been “defense in depth, defense in depth.” Even with the greatest people and technology in place, the weakest link in your organization's IT security is your own employees.
There are three main reasons why you need security awareness training:
Let’s look at the first reason, regulatory requirements. If your company falls under any regulatory requirements, find out what’s needed from an IT security standpoint. If your company falls under GLBA, PCI, HIPAA or Sarbanes-Oxley, you will need some element of security awareness training. Regulations that require security awareness training recognize that people are a weak link in IT security.
The Vanishing Perimeter (Thanks to Bring Your Own Devices policies).
The inherent vulnerability the human element entails is further compounded by companies that, in an effort to reduce costs, allow employees to bring their own computing devices to work (BYOD). BYOD, which we don’t recommend, along with the Internet of Things, is responsible for the vanishing perimeter, which refers to your network being less defensible because people in your company are using devices and connections that are not under your security posture. The prevalence of the vanishing perimeter places an even greater emphasis on proper cyber hygiene, which can be taught by a good security training program.
Constant Changes in the Threat Landscape
Finally, you and your team have to stay on top of the latest cyber threats out there that look to exploit the human element, especially social engineering attacks. For example, spam and email phishing rates decreased last year while manually shared social media scams increased from 2% to 80% in the same time frame.
Ready for some scary statistics? Let’s look just at spear-phishing attempts in 2014:
34% of spear phishing attacks are aimed at small businesses
25% of spear phishing attacks are aimed at medium-sized businesses
41% of spear phishing attacks are aimed at large enterprises