The human element is one of the most vulnerable aspects of a company. Social engineering is involved in approximately 90% of data breaches; it is an extremely common and effective attack. The best thing you can do to prevent these attacks is to invest in security awareness training for your staff. However, different types of employees require different levels of training based on their job role and the type of data that they interact with. Here we will go into the four levels of security awareness training that an organization typically needs:
General Security Awareness
It’s our belief that everyone in your organization needs a basic level of security awareness training. This covers simple things that all employees are likely to encounter, such as recognizing phishing emails, not clicking on suspicious links, not letting people tailgate you through secured doors, and not downloading unknown applications. This level of security awareness is important in ensuring that your employees don’t unintentionally create a security risk for your business.
Data Handlers
Next, any employees that are going to be handling sensitive information need a higher level of training. Sensitive information usually means personally identifiable information (PII), which is any information that can be linked back to an individual person. Another common example is personally identifiable health information (PHI), which is any health information that can be linked to an individual person. Mishandling this information can constitute a privacy incident, which can result in fines or lawsuits depending on its severity. Therefore it’s important that these employees get a higher level of training than standard employees.
Company executives are even more at risk than the previous two types of employees. They are often the target of spear phishing, a tailored type of attack that tries to trick a specific person into performing actions that would give attackers access to company data. Executives need specialized training on how to protect themselves from these attacks and on how to properly oversee an organization’s security program.
IT Staff and custodians
The IT staff is going to be primarily responsible for the company’s security, and therefore they probably need the most intensive security training to ensure that they know how to do their job effectively. This includes implementing the proper security controls, conducting security awareness training, monitoring the network, and all of the other operational duties that a good security program will require. The IT staff should be receiving training on what they need to do to protect the company.
How to get more free content
If you like this article and would like to read more of our content for cybersecurity insights, tips and tricks, feel free to follow us on getoppos social media. If you’re a struggling business owner who needs help in assessing their business’s cybersecurity posture, feel free to take advantage of our free introductory assessment and we’ll help you figure out a game plan for keeping your company safe.