End users are still the weakest link

Organizations use computers, servers, and cloud services to store and process data, and they make every effort to safeguard high-value corporate information. Yet when it comes to investing in cybersecurity awareness training, not many organizations understand its importance. Employees are the first point of access for any cyber attacker, so companies need to make sure that their employees are part of their security awareness plan. In the recent WannaCry ransomware attack, a lot of businesses were impacted due to human error. Even though the vulnerabilities had been patched by an update from Microsoft, a lot of companies had not updated their systems. This is mainly because employees do not understand the basics of security. Also, employees must not be given admin privileges on their systems, because with those privileges they can turn off patch updates, which can lead to a compromise of the entire corporate network.

Cost of data breach to organizations:

Fig 1: Data breach root cause, Source: IBM

Fig 2: Records by vulnerabilities and industry; Source: ForgeRock

What is Privacy & Security Awareness Training

Key concepts included in the training are:

1. Incident and Breach Management – What to do in case there is a problem? Whom to inform?

2. Data Accountabilities – How to safeguard your organization's or client’s data when it is stored on your computer.

3. Data Classification – What counts as restricted, confidential, internal, and public data.

4. Privacy and Client Rights – What is personal data and what kind of privacy or compliance rules apply to that data.

5. Physical Security – Physical devices, servers, routers, firewall, etc.

6. Computers and Devices – Data backup options and peripheral devices.

7. Applications and Systems – Best practices to use applications and systems.

8. Access – The basic mechanism to lock the laptop when you are away.

9. Storage and Deletion – Criteria for storage, replication, and deletion.

10. Leaving your Position – What can be retained and what needs to be deleted. Who can grant permission for the rest of the data that you can keep?

Benefits of Privacy & Security Awareness Training:

1. Development of security-focused company culture

2. Avoid downtime

3. Safeguard companies’ assets

4. Best practice adoption

5. Vulnerability reporting and mitigation

6. Employee education

7. Stay compliant with client requirements

8. Awareness can reduce threats
