T2022_06 Why cybersecurity sensitization/awareness sessions are important within the workplace (26th April 2022)

Endpoint, network, application, and cloud security are all essential to the operations of a business, but technology alone isn't sufficient. In addition to exploiting technological weaknesses, criminals also exploit people's behavior and emotions. 85% of data breaches are caused by human error. Phishing scams are the most common and effective strategy used, since they rely on a variety of tactics to persuade people to provide personal data or information, and even trick users into clicking on links that take them to compromised websites, which then lead to a full-fledged cyberattack. With the rise in cybercrime in recent years, businesses can no longer afford to be unaware of the immense damage that a single person might accidentally cause.

 What is cybersecurity sensitization/awareness training?  

Employees receive security awareness training in order to spot cyber dangers, avoid potentially harmful acts, and take informed steps to defend their company. Topics covered in security awareness training may include spotting questionable emails, ransomware, physical security for workplace devices, network security, and other processes. Any training provided should cover the dangers employees might face online, whether through their inboxes, social media, or other technologies they use on a regular basis.

 Why is cybersecurity sensitization/awareness training important?  

The main goal of information security awareness training is to limit the risk of data breaches caused by human error. Security awareness training is widely acknowledged as an important tool for reducing cybersecurity incidents and safeguarding sensitive data. Multiple studies have shown that human error is the major source of most data breaches in recent years. Companies gain from information security awareness training because it ensures that personnel are trained to spot potential cyber events or incidents. It can help you create a workplace culture that values and understands security, lowering your risks even more.

What happens when your employees aren't trained?  

Failing to train your employees can result in serious consequences. Employees who are unaware of phishing emails or ransomware, for example, may fall victim to these prevalent cyber-attacks. A single employee mistakenly opening a malicious file might put your company's finances and reputation at risk. "People are the weakest link," according to information security experts. Cybercrime and the methods criminals use are always changing. Security awareness training is an important part of keeping your employees, company, and customers safe.

Some topics that should be covered in cybersecurity sensitization/awareness training.  

  • Current threats - Understanding security compliance requirements and needs
  • Attack red flags - Recognizing and avoiding different types of phishing and social engineering attacks
  • Defensive procedures - Use of strong passwords, securing data on computers, mobile devices, networks, and in the cloud
  • Threat reaction plans - Risk response, Report, Escalate

