Information security (Infosec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Humans are often considered the weakest link in the information security chain. This accusation may be circumstantially right, but it also neglects the fact that humans, if properly motivated and educated, can play an important role in reinforcing the security ecosystem.
Employees can break the multimillion-dollar defense mechanism of an organization simply by clicking on a malicious link that installs an exploit kit. On the flip side, security-conscious employees can pick up the slack where technology and processes fail, acting as a last resort in the security defense mechanism.
The diagram given below represents the statistics of information leakage incidents:
From the above diagram, it is evident that the government and healthcare sectors are the most widely affected by data or information leakage.
According to the U.S. National Institute of Standards and Technology (NIST), information or data security awareness should be directed to all computer users, with the purpose of changing behavior and reinforcing good security practices.
Information security awareness training can cover topics such as the significance of individual responsibility, awareness of cyber security terms, email and internet safety, using strong passwords, spyware and virus protection, security threats and vulnerabilities, data protection, desktop protection, phishing, physical security, travel security, Wi-Fi security, etc.
Information security awareness training can be conducted in a variety of ways, which can be used alone or in conjunction with each other. These methods can consist of more thorough classroom-style training, creating a security-awareness website, pushing helpful hints onto computers when they start up, e-mailing helpful hints on a weekly or monthly basis, and using visual aids like posters.
Information security awareness training can also be delivered through eLearning, which is the simplest, quickest, most economical and most convenient means for a company’s employees to learn how to comply with security standards. In eLearning, the content is supported by strong visual aids, videos and alerts, which help reinforce messages to the learners. Also, the quizzes, including the security awareness behavior survey, measure the security-related behaviors that are carried out and identify the ones that need to be improved. Since eLearning can run on a Learning Management System (LMS), it is very useful for organizations to track the security awareness behavior survey of employees taking the eLearning courses.
Given below are the screenshots of our eLearning course on information security awareness:
Thus, eLearning will simplify compliance and will also significantly reduce the risks in an organization.