3 Essential Security Awareness Training Topics for 2021
In 2021, organisations must lead the charge to educate the workforce on cyber security best practice. Threats are growing to become more sophisticated every day, and it is critical for employees to know how to defend their data and systems. Security awareness training is essential to keep your organisation protected, and it is indeed one of the most cost-efficient ways you can protect yourself from data breaches. Below we have listed 3 essential security awareness training topics to look out for in 2021.
A Human Firewall
A lot was achieved in 2020. The new era of remote working became the norm, despite the difficulties that came with it. Cyber threats, data hacks, threats to employee privacy and security and online fraud were just some of the issues that grew in importance. Businesses had to adapt to these challenges and develop new strategies to deal with them.
Most companies spend significant time and money on software to protect their security information. However, security accounts for just 5.7% of IT spend, according to Gartner.
Elasticito believes the most valuable asset organisations have is their employees. This is because the human element of security — from management level through to the front line — is also the most vulnerable part of any business. Because of this, organisations should take a preventative rather than a reactive approach to their security.
Human error is responsible for 95% of all cyber security breaches. By participating in a simple and affordable security awareness course, organisations can drastically reduce this number. Security awareness courses, such as those from SANS Security Awareness, empower employees with the information they need to protect their organisation’s assets and can avoid costly mistakes. From SMEs to large enterprises, the employee is a critical line of defence in an organisation’s security, the proverbial “human firewall”.
With this in mind, we’ve refreshed our list of 3 security awareness training topics to look out for in the year 2021.
3 Security Awareness Training Topics for 2021
Passwords are the most common and easiest to use authentication system. Because it is the simplest, most common way to protect systems and user accounts, it is also one of the weakest. A small handful of attackers can gain access to every account using a single password; the ease of use also makes it easy for employees to inadvertently reveal their password in public places. Furthermore, many employees share their passwords with family members and friends who manage those credentials.
Some important password security tips to include in security awareness training content:
- Leaked credentials.
- Unique password for each site.
- Non-dictionary passphrase vs password.
- 2FA / MFA
- e.g. Authy, Microsoft or Google Authenticator
- Password manager and generator.
- Phishing Emails
Although phishing attacks have increased in recent years, security awareness training is the most effective way to combat these types of attacks. By driving security awareness training as part of the organisation’s philosophy, organisations can help prevent employees from falling victim to these types of attacks. Over time, this type of training will help reduce the overall number of incidents that happen.
Here are some suggestions:
- Never give out your credentials or one time password.
- Always visit the site directly not via a link provided.
- Always call the person back using a number that you have found independently.
- Organisation should provide:
- Protective DNS (whitelist)
- MicroVM to open attachments safely
- Organisation should not perform Phishing Tests as they tend to lead to animosity in most instances.
- BEC and SCAMs
Business email compromise (BEC) is a type of email cyber crime scam in which an attacker targets businesses to defraud the company. Business email compromise is a large and growing problem that targets organisations of all sizes across every industry all around the world. BEC scams have exposed organisations to billions of dollars in potential losses. BEC is difficult to detect and prevent, especially with legacy tools, point products and native cloud platform defenses.
Here’s what you can do:
- Zero Trust Model – never take for granted the origin of a request. Always verify via a separate communications channel.
- Urgency to act is a giveaway to most scams. “You need to do it now” with upmost urgency.
- Threats of not acting including, dire consequences including financial loss or potential arrest is another giveaway.
- Always verify via a separate communications channel.
Getting It Right
All organisations have different needs. It’s crucial that your security awareness training is flexible and tailored to your organisation’s needs. By regularly conducting security awareness training in your organisation, you can help keep your employees aware of the latest security requirements, and use this as an opportunity to promote a culture of communication and awareness.
Whether you are building a mature ongoing security program or just beginning with a security awareness month, Elasticito can assist, guide and advise. Contact us here.