An Untrained Employee Can Be Your Weakest Link!
Hackers Don't Target The IT Manager, They Target The Untrained Employees.
If your company is like most, you’re spending an awful lot of your information technology budget on security: security products to protect your organization, security consultants to help you understand where your weaknesses lie, and lawyers to sort out the inevitable mess when something goes wrong. That approach can work, but it fails to consider the weakest link in your security fence: your employees (FORTUNE, June 2016).
The most basic thing that every organization needs is security awareness training. Security awareness training is all about teaching your colleagues and employees to understand the risks and threats around the ever evolving cyber world. The main purpose is to ensure that these people realize that hackers within organized gangs of cyber criminals will try to deliberately attack, steal, damage or misuse your organizations systems and information, and that therefore everyone within the organization needs to be aware of the associated risk, and thus work to adequately protect the organization against these risks.
Protecting your organization begins with ensuring your employees are prepared to assist in keeping your computers and networks safe. The strongest security asset is already inside the company: the employees.
What types of risks do your employees pose to your organization?
- A network is more vulnerable to attacks if the passwords are weak
- Failing to update important security patches allows criminals to infiltrate the system and steal valuable data
- Download unreliable files from the internet or from spam emails can allow hackers to install silent malware on your network
- Falling prey to a social engineering attack
Social Engineering is one of the most sophisticated, nontechnical ways of stealing valuable data. It involves finding the weak link within an organization and exploiting that vulnerability. Once the target is identified, data and information about the person in question are gathered from various sources such as social media and a phishing attack will be initiated with the intent of tricking that person into conducting a certain action such as downloading a file or opening a malicious website. The level of sophistication and design of the phishing attack will vary depending on the abilities and effort of said attacker but the outcome can be catastrophic and an easy entry point for cyber-criminals.
This can be avoided with smart security training to cover methods of detecting these attacks and reducing the risk of this happening to your organization.
Customized Training
NCSU can tailor or create our training course to meet your organization's computer use policies. The following is a video on creating password a client had a create for them.
Course Curriculum
-
1
-
Understanding What You Are About To Read
-
-
2
-
Pause, Think, And Act
-
-
3
-
Information Security Awareness
-
-
4
-
User/Staff Responsibilities
-
IT Department Responsibilities
-
Senior Information Asset Risk Owner Responsibilities
-
Further information
-
Chapter Quiz
-
-
5
-
Contractors and Visitors
-
Employee Exit
-
-
6
-
10 Steps to Cyber Security
-
-
7
-
Introduction
-
Procedures
-
Understanding Roles Between Staff and System Adminstrators
-
Chapter Quiz
-
-
8
-
Defining Social Media
-
Social Media Policies
-
Social Media Posts Monitored by Company
-
Negative Comments Regarding Your Employer
-
Derogatory Remarks
-
Posting Company Information
-
Social Media Use at Home
-
Divulging Personal Information at Your Own Risk
-
Evidence in Lawsuits
-
Companies Should Be Concerned About Social Media
-
Company - Intellectual Property
-
Company - Insider Information
-
Company - Business Related Contacts
-
Companies - Tracking Who May Have Released Confidential Information
-
Chapter Quiz
-
-
9
-
External Network Connections
-
Remote Access Policy
-
Wireless Network
-
Third Party Access Control to the Network
-
Unauthorised Software
-
Training and Awareness
-
System Configuration Management
-
Reporting Data Security Breaches and Weaknesses
-
Disaster Recovery Plans
-
Unattended Equipment and Clear Screen
-
USB Policy
-
Chapter Quiz
-
-
10
-
Policy Brief & Purpose
-
Your Personal Email Security
-
Phishing Attacks
-
Policy Elements
-
User ID's
-
Chapter Quiz
-
-
11
-
Choosing The Right Password
-
Password Policies
-
Using Your Cell Phone To Reset Your Password
-
Two-Factor Authentication Examples
-
Chapter Quiz
-
-
12
-
Information Custodians - Personal Data
-
Information Custodians - Non Personal Data
-
Data Classifications
-
-
13
-
Mobile Security Overview
-
Vulnerable Laptops
-
Lock It Up
-
Mounted Desk Security
-
Security Cameras
-
Laptop Cables And Locks
-
How To Secure Your Laptop Bag
-
Anti-Computer Forensics
-
Laptop In The Trunk
-
Chapter Quiz
-
-
14
-
Social Engineering Attacks To Be Aware Of
-
Chapter Quiz
-
-
15
-
Physical Security Breach
-
Physical Security Overview
-
Physical Security Guidelines and Requirements
-
Physical Security Control
-
Internal Security Control
-
Security Incidents And Reporting
-
-
16
-
What Is Workplace Bullying?
-
Bullies vs. Cyber Bullies
-
Is Bullying In A Workplace A Big Deal?
-
Example Of Wordplace Bullying
-
How Employees Are Affected
-
The Workplace Affect Because Of Bullying
-
What To Do If Your Being Bullied
-
Tips On What To Do
-
Chapter Quiz
-