One of the best ways to make sure that employees do not make costly information-security errors is to provide awareness training programs. These programs should include a specific curriculum that helps ensure employees have a thorough understanding of the company's security policy, procedures and best practices.
Training topics addressing security awareness should cover current organizational policies and procedures, physical security, desktop security, password security and phishing. These topics help employees understand why security awareness is important, how to prevent incidents from happening, and what to do if they encounter one.
Let’s explore a few important training topics for Security Awareness.
Some of the most important topics to include in security awareness training are as follows:
1. Physical Security: Physical security training should mainly focus on locking the doors and desks or file cabinets and drawers, etc.
2. Desktop Security: The desktop security section should focus mainly on why it is important to have a password-protected screen saver or have the habit of locking computers when users walk away from their desks. Another point to be addressed is to make sure that the users shutdown their computers at the end of the day.
3. Password Security: The password security training should cover how to set up a strong and secure password or passphrase that is harder to guess. For instance, passwords should not contain the username or personal information such as a spouse's name, favorite team, or pet's name, which are very easy to crack. Passphrases (e.g. Isaw3redtrucks) can help move users from passwords to passphrases. If users are given a default password it should be changed immediately, and instructions on how to change passwords should also be included in the training.
4. Wireless Network Security: The wireless network security training should address the insecure nature of wireless networks, as well as tips on exercising caution and securing laptops against the danger of traffic 'sniffing'.
5. Phishing: Phishing is an attempt to acquire information such as usernames, passwords and credit card details by posing as a trustworthy entity in an electronic communication. Clicking on links provided in an e-mail or submitting bank details via e-mail should be avoided.
6. File Sharing and Copyright: The introduction to this topic should explain which kinds of copyrighted works are being referred to, such as recordings, videos, and software, and should conclude with suggestions on how to legally acquire copyrighted works.
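As an added illustration of the password rules in topic 3 (this is example code, not part of the original article or any product it describes), the following check rejects a candidate password that contains the username or personal details, that is an unchanged default, or that is too short to be a passphrase. The user record and the default-password list are constructed sample values.

```python
import re

# Constructed sample data (not from the article): a user record holding the
# personal details the training says must never appear in a password.
USER = {
    "username": "jsmith",
    "personal_info": ["Maria", "Packers", "Rex"],  # spouse, favourite team, pet
}
# Constructed placeholders standing in for vendor or onboarding default passwords.
DEFAULT_PASSWORDS = {"Welcome1", "changeme"}


def check_password(password, username, personal_info, min_len=12):
    """Return a list of policy findings; an empty list means the password passes."""
    findings = []
    lowered = password.lower()
    if password in DEFAULT_PASSWORDS:
        findings.append("default password has not been changed")
    if username.lower() in lowered:
        findings.append("contains the username")
    for item in personal_info:
        if item.lower() in lowered:
            findings.append(f"contains personal information ({item})")
    if len(password) < min_len:
        findings.append(f"shorter than {min_len} characters; use a passphrase")
    # A passphrase such as Isaw3redtrucks mixes words with at least one digit
    # or symbol, which makes plain dictionary guessing far less effective.
    if not re.search(r"[\d\W_]", password):
        findings.append("add at least one digit or symbol to the passphrase")
    return findings


def is_acceptable(password, user=USER):
    """Convenience wrapper used by an enrolment or password-change form."""
    return not check_password(password, user["username"], user["personal_info"])


if __name__ == "__main__":
    for candidate in ["Isaw3redtrucks", "jsmith2024", "Rex4ever!", "Welcome1"]:
        print(candidate, check_password(candidate, USER["username"], USER["personal_info"]))
```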
Security awareness training is vital for any organization. If users are properly informed about what to watch out for, prevention procedures can avert many potential problems that could affect the infrastructure. Awareness is the key to both prevention and protection. Besides classroom training, eLearning is a very effective way to avoid unpredictable losses caused by a lack of security awareness. Following is a screenshot of one of our courses on Security Awareness.
Reference: SANS Institute InfoSec Reading Room