On the PCI DSS side, one of the most missed questions asked around this security awareness topic was: Is it safe for a call center employee to write a customer’s credit card number down in a personal notebook for later processing? The answer is a resounding no, but it seems end users would like to think otherwise. This is an important consideration for organizations like retailers, who might assume that their users have a clear understanding of these types of policies and behaviors.
Working Safely Outside the Office
Today, working outside of the office is very common. Whether traveling for work or working from home or at a local coffee shop, there are a lot of things to consider to keep data, networks, and equipment safe.
Security awareness topics in this category in the Beyond the Phish Report ranged from safe use of WiFi to practical physical security actions. It was surprising to learn that, of the infosec professionals who were surveyed for our report, more than half do not provide guidelines for employees to follow while traveling. This showed in the results: end users missed 26% of questions in this category.
The most missed questions about this security awareness topic were related to the safe use of WiFi, an essential practice with any internet-connected device, whether used for business or pleasure. Studies have shown that even IT-savvy professionals are reckless when it comes to WiFi use. Hold your end-users to a higher standard. Perhaps with a little more direction for working outside the office — like installing a VPN on their mobile devices — they would have the knowledge they need to protect company data.
If you’d like to raise awareness about WiFi best practices with your end-users, share these tips on our blog.
Measurement Is the Key to Success
We recommend continuous assessment and training as a systematic approach to address the gaps in end-user cybersecurity awareness. If you begin with measurement, then you will know what security awareness topics and areas to focus on and have a baseline to measure your success against going forward. Without measurement, you will have no way to confidently identify your threats or understand the progress you are making with your program.
To learn more about our interactive training modules and CyberStrength® Knowledge Assessments, visit our website.