Is it surprising to know that over 90% of all information security incidents are the result of human error? Whether the root cause of incidents and breaches is ransomware, lost or stolen workstations, inadvertently sending sensitive information via email, or phishing, the more all of us can be informed of the potential vulnerabilities, the more we can do to eliminate these occurrences.
Your organization should routinely offer training in the form of classroom presentations, webinars, or security briefings. The importance of this training cannot be overstated.
The implementation of technical, administrative, and physical controls is effective only to a limited degree. The remainder of the responsibility to protect your company’s sensitive information, as well as your own personal data, lies in your hands.
There are important components in Security Awareness Training that should be regularly reviewed:
- Recognizing and Reporting Incidents
- Mobile Devices
- Acceptable Use of Email and Internet
- Information Security Policies
- Malicious Software
- Phishing and Social Engineering
- Acceptable Use of Company Assets
- What is Our Sensitive Information?
- Portable Media
- Knowing Your Security Official
- Emergency Procedures
When attending training, it is also important that you acknowledge your involvement. Be sure to log your attendance with the organization and maintain your own personal records.
After training, help by spreading the message. The more everyone knows about how to protect information, the less all of us will be exposed to breaches and incidents.
Be aware of your IT Security Policies and Procedures.
Always consult your Privacy and Security Official with questions!
CloudSAFE thanks Joe Dylewski of ATMP Solutions for contributing this guest blog.