Being aware of one’s surroundings is the greatest form of self-defense.
Here are six security awareness training topics you should consider reviewing with your team in order to bolster your security strategy.
1. Network Security
A secure network involves two facets: strong user credentials and controlled access.
More than 60 percent “of all network intrusions are due to compromised user credentials,” according to Microsoft.
Use strong passwords, and be on the lookout for veiled attempts to reveal those passwords (see the section on social engineering below).
Additionally, comprehensive training should address network access.
“Organizations allowing third-party access were 63 percent more likely to experience a cybersecurity breach,” say the authors of The State of Industrial Cybersecurity 2017 report, “compared to 37 percent of those who did not.”
2. Cloud Security
More than one-third of engineering firms reported a scarcity of cloud security skills, “yet they are continuing with their plans anyway,” according to a Forbes analysis of an Intel Security survey.
The same analysis also found that this lack of skills has slowed down cloud adoption plans.
3. Application Security
When cloud providers “expose a set of software user interfaces (UIs) or APIs that customers use to manage and interact with cloud services,” they open apps to security risks.
The publication CSO analyzed a report from the Cloud Security Alliance, which recommends designing APIs “to protect against accidental and malicious attempts to circumvent policy.”
In 2015, apps contained a median of 20 vulnerabilities, which was up more than three times from 2013.
4. Social Engineering
Social engineering is when people “take advantage of human behavior to pull off a scam,” says CSO.
People may get links they think come from a Facebook friend or LinkedIn connection, but in reality, that link is coming from a social engineer. Clicking or tapping that link can provide scammers with a password they can then use to explore a network.
5. Phishing
Phishing, says TechTarget, is “a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.”
Three-quarters of organizations experienced phishing attacks in 2017, according to TripWire’s analysis of the 2018 State of the Phish report. Phishing attacks most often resulted in malware infection, compromised accounts, and loss of data.
6. Social Media
The Pew Research Center says nearly 70 percent of Americans use social media. That opens up people and businesses to security vulnerabilities.
“When someone neglects their privacy settings or publicly posts personal notes and photos,” says CSO, “they can leave cybercriminals free to use their information to launch targeted phishing emails containing malware links.”
Cybersecurity involves so many facets, and it will only continue to grow.
However, covering these security awareness training topics with your team is a great start.