National Cyber Security Awareness Month: Key Areas of a Cyber Awareness Program
During National Cyber Security Awareness Month, we’ve discussed the importance of cyber awareness and how to gain employee buy-in. To keep employees committed to practicing cyber awareness, we have to deliver helpful and concise training. Today we are going to discuss the key parts of a cyber awareness program.
In the most basic terms, criminals are after your money or sensitive information and they’ll use any method that works to meet their goals. They’ll try to phish you, steal your password, deliver a malicious pop-up to your browser, and more.
When building or shopping for a cyber awareness program, keep these five key areas in mind:
Phishing is one of the biggest threats to an organization. It comes in many forms and themes: a text claiming a large purchase was made on your credit card, an email with a special offer, a social media message with an exclusive discount code, or a browser pop-up claiming your computer is infected with a virus. While the main teaching point is the same (THINK before you click, open, or respond), all angles should be addressed when delivering training.
Passwords are the gateway to the money and sensitive information criminals are after. Passwords can be stolen through no fault of the user, for example in a data breach of a website where the user is an account holder. They can be stolen through a phishing attack, where your credentials are entered into a fake website. They can even be guessed. Criminals then take these stolen passwords and try them on popular websites across the web. When teaching about passwords, emphasize the importance of strong and unique passwords on all accounts.
One of the most important aspects of cyber awareness as it relates to web surfing is the ability to identify where you are on the internet. Users should be able to analyze the web address to determine if they are on a valid website and if that connection is secure.
When we think of cyber awareness, we typically narrow our focus to what happens on our computers, mobile devices, and the network. But there are physical protections we can, and should, take to protect those electronic things. These include actions like watching for shoulder surfers and unauthorized persons in your workspace, keeping sensitive information under lock and key, and storing work mobile devices in a secure location, to name a few.
The final key to a successful cyber awareness program and culture is open communication and a judgment-free zone to ask questions and report issues. Users should feel comfortable reporting suspicious emails or an accidental click. In fact, they should be praised for their initiative, as this behavior is the backbone of a successful cyber defense.
Properly handling confidential information is also an important part of a cyber awareness program. Because each employee’s responsibilities in this area vary depending on their role, it takes time to address this particular topic. However, you can and should emphasize that certain kinds of information are targeted by cyber criminals and that we should all be mindful of how we receive, store, and share that information.
The bottom line is that you have both information and operations to protect in a workplace. Employees, therefore, must be made aware of their responsibilities and common cyber threats to help reduce risks to information and operations.