Security Awareness Training : Better Safe than Sorry!


Image : whiteknightit

Security awareness and training are the first line of defence in securing your organization against cyber attacks.

The first barrier you will face is resistance to information security. This is normal: employees tend to think security is not their job. But they are part of the problem. A large share of cyber attacks result from attackers exploiting employee weaknesses through social engineering.

How do you reduce resistance to information security?

If you provide adequate awareness and training to your employees, and make them understand that they share responsibility for the organization's information security, they will use security controls better, more effectively and more efficiently. They will appreciate having the controls, and so they are less likely to ignore, bypass or disable them.

When they know why long passwords are needed, why passwords must not be shared with colleagues, and why vigilance in communications, privacy, data protection and compliance with standards matters, they will be proud to contribute to the organization's information security arrangements.

Improved compliance

A clear desk policy is of little use if employees are not aware of it: it will simply not be practised, and no one will bother until a confidential document leaks and a disaster follows. Awareness is the key to putting a policy into practice. Security awareness and training therefore enable all the other security controls for managing risk, achieving business objectives, and complying with standards and regulations.

Reduced costs from information security incidents

An organization with security-aware employees, supported by well-trained security professionals, is less likely to suffer information security incidents, security breaches and unplanned downtime. Its employees are less likely to fall prey to the social engineering attacks and scams that put your organization's information at risk. They will be extra cautious when using systems and devices taken outside the office for work, and they will notice and report abnormal behaviour in their colleagues or their systems.

Improved Incident response

An incident cannot be responded to until it is recognized and reported. How soon recovery starts depends on your employees knowing what to do, and doing it without delay.

Improved reputation and greater trustworthiness

Trust is a key factor in business and a significant component of an organization's reputation and brand. People want to feel safe when they hand over personal information such as credit card details. If your staff are trained to protect data, it builds confidence among your customers. With security-aware employees, your customers, suppliers, partners and visitors will perceive a secure organization, which improves your reputation.

Situational awareness

This is the sixth sense of business. Your employees will be able to judge quickly whether an email or phone call is genuine or a social engineering attempt. Spear-phishing emails are crafted to look as though the sender is a colleague, acquaintance or friend, and they address the recipient by name. Situational awareness is what wakes that sixth sense, so the employee reacts automatically and does not open the malicious attachment or click the link, instead of becoming a victim of social engineering.

Better safe than sorry

Awareness and training is a long-term investment in information security and in the overall success of the business. Without employees who are well trained in information security, an organization appears untrustworthy, and when a security breach occurs its reputation is tarnished on top of the financial and market losses. Security awareness and training for your employees would have prevented or mitigated such risks.

Niranjan Meegammana 
