Data breaches are everywhere. Just in the UK, examples abound. Most recently, Tesco has had to reissue 600,000 Clubcards because of a data breach. An analysis by CybSafe of data reported to the UK’s Information Commissioner’s Office (ICO) found that over 90% of data breaches are caused by human error.
With this in mind, we have drawn up our top 5 topics that you need to make sure your employees are aware of during 2020. All five are covered by security awareness training that, if done well, can help keep your own company out of the data breach statistics.
Top 5 Focus Areas for Employee Security Awareness Training
Here are the 5 topic areas that an awareness training programme should emphasise during 2020:
SECURITY AWARENESS AREA 1: GET FISHING FOR PHISHING
As always, phishing is at the top of the list because it is the attack that succeeds most often. The UK government’s DCMS “Cyber Security Breaches Survey 2019” found phishing to be the most prevalent type of cyber-attack on UK companies.
Phishing emails are becoming harder to spot and are crafted to get past technical controls such as spam filters and anti-malware. Once a message has reached an inbox, the person reading it is the last line of defence, which is why understanding how phishing works is important.
Security awareness training places a focus on phishing because it is so commonly used by cybercriminals. Training should be interactive and engaging so that employees learn the often subtle signs of a phishing email: a sender address that does not match the display name, a link whose real destination differs from its text, and pressure to act urgently. Phishing simulation exercises can also prepare employees for the specific kinds of campaign they are likely to face, and give you a click rate you can measure over time.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
SECURITY AWARENESS AREA 2: DON’T COMPROMISE ON BEC
BEC, or Business Email Compromise, is a growing threat to companies of all sizes. BEC is a multi-stage scam that ends with company funds being transferred to a fraudster’s bank account. It often begins with surveillance of your organisation: who the senior people are, who handles payments, and when the executives are travelling. The fraudsters then hijack a senior employee’s email account or, at the very least, spoof one (a lookalike domain or a forged display name for the CEO, say) and use it to pressure an employee, usually in the finance department, into making a money transfer. You can read more about how a BEC scam works in our post “What is Business Email Compromise (BEC)”.
The UK is the second most targeted country in the world for Business Email Compromise (the USA being the first). Because a BEC scam typically carries no malicious attachment or link, technical controls have little to catch; its success depends entirely on an employee believing the request is genuine. Training employees in how a BEC scam unfolds, and requiring out-of-band verification (a phone call to a number you already hold, never one given in the email) before any urgent transfer or change of bank details, directly reduces the fraudster’s chance of a successful outcome.
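The spoofing indicators described in areas 1 and 2 above can be checked mechanically in a mail header. The script below is an added example, not code from the original post or from Proofpoint; it parses a message with Python’s standard library and flags a display name that matches a known executive but not their real address, a Reply-To that diverts replies elsewhere, a sending domain that is a lookalike of the company domain, an Authentication-Results header without a DMARC pass, and urgent-payment wording in the subject. COMPANY_DOMAIN, EXECUTIVES and the three sample messages are all constructed for this example.

```python
"""Header checks for the executive-spoofing pattern behind phishing and BEC.

Added example, not code from the original post or from Proofpoint.
COMPANY_DOMAIN, EXECUTIVES and the sample messages below are constructed.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                       # assumed company domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}    # assumed directory: name -> real address
MONEY_WORDS = ("urgent", "wire transfer", "payment", "invoice")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; used to catch lookalikes such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def analyse(raw: bytes) -> list[str]:
    """Return the indicator codes found in a raw RFC 5322 message; [] means nothing suspicious."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)

    # 1. Display name of a known executive, but not that executive's real address.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append("exec-impersonation")

    # 2. Sending domain is one or two edits away from the company domain.
    if from_domain != COMPANY_DOMAIN and levenshtein(from_domain, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-domain")

    # 3. Reply-To sends the victim's answer to a different domain than the From address.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append("reply-to-mismatch")

    # 4. The receiving mail server recorded authentication results and DMARC did not pass.
    #    Note that a lookalike domain the attacker owns will pass SPF and DKIM for itself.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if auth and "dmarc=pass" not in auth:
        flags.append("dmarc-not-pass")

    # 5. Urgent money language in the subject, typical of the final BEC ask.
    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in MONEY_WORDS):
        flags.append("urgent-money-language")
    return flags


# Constructed sample messages (not real mail). The first is the typical opening "lure",
# the second the payment request from a lookalike domain, the third a genuine message.
LURE = b"""From: Jane Doe <janedoe.ceo@outlook.com>
To: accounts@example.com
Subject: Are you at your desk?

Need you to handle something quickly. Reply as soon as you see this.
"""

PAYMENT_ASK = b"""From: Jane Doe <jane.doe@examp1e.com>
To: accounts@example.com
Reply-To: jane.doe.ceo@outlook.com
Subject: Urgent wire transfer needed today
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dmarc=none

Pay the attached invoice before 5pm. I am in meetings all day, do not call.
"""

LEGIT = b"""From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget figures
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass; dmarc=pass header.from=example.com

Figures attached, let me know if anything looks off.
"""

if __name__ == "__main__":
    for label, sample in (("lure", LURE), ("payment ask", PAYMENT_ASK), ("legitimate", LEGIT)):
        print(f"{label:12s} -> {analyse(sample) or 'no indicators'}")
```

The lure message trips only the executive-impersonation check, which is exactly why it works on people: there is no link, no attachment and nothing for a filter to score. The payment request trips all five, and note that SPF still passes because the attacker controls the lookalike domain; only DMARC alignment with the real company domain exposes it, which is a good argument for publishing a DMARC policy alongside the training.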
SECURITY AWARENESS AREA 3: CLEANLINESS ISN’T JUST ABOUT COVID-19
Not to be forgotten amid all the focus on computers is the humble clean desk policy. The aim is to get employees into the habit of clearing their desk at the end of the day, locking away printed documents, notes and removable media, and locking their screen whenever they step away. This reduces the risk of information leaking through passwords on sticky notes, printouts left lying around, and general prying eyes. It also supports your ISO 27001 compliance, since the standard includes a clear desk and clear screen control.
Security awareness training will help to enforce a clean desk policy by teaching your employees why it is needed and what it involves.
SECURITY AWARENESS AREA 4: ANTI-SOCIAL, SOCIAL NETWORKING
Love it or loathe it, social media plays a massive part in many people’s lives. It also plays a part in cybersecurity exposure. A report by security vendor Bromium looked at the part that social media played in cyber-attacks and concluded that it was a “global distribution centre for malware” and that 20% of organisations have been infected by malware via social media.
The problem is that social media is inherently trusted by people because friends and family use it too. This trust is why fraudsters are turning to social media to distribute malicious links, which can end in a malware-infected computer and, from there, a compromised company network.
Security awareness training will teach employees about the dangers of social media and how to engage with social platforms safely.
– Engage your staff with scenario-based security awareness training or “In-the-Moment” training.
SECURITY AWARENESS AREA 5: MALWARE IS ALSO MOBILE
Finally, don’t forget the mobile menace. Mobile banking malware, for example, increased by 50% in the first half of 2019. As employees increasingly use their mobile devices at work, and for work when travelling, use security awareness training to teach them how to use their mobiles safely: install apps only from the official app stores, keep the operating system updated, use a screen lock, and be wary of untrusted public Wi-Fi for work tasks.
Security awareness training is more important now than ever. As cybercriminals adjust their tactics to circumvent our technological measures, we need to react by applying knowledge. But when you choose a security awareness training program you need to choose one that is effective. To make sure that employees know what a phishing email looks like, how to prevent being tricked by a BEC scammer or how to use social media platforms safely, you need a training program that works. This means it must be fun, interactive, and engaging. Boring security awareness training programs will result in bored employees who do not take in vital information that can prevent a cyber-attack.
If you’d like to see what an interactive and engaging security awareness training programme looks like sign up for a free demo here.