National Cybersecurity Awareness Month: importance of security awareness training

Published:  22 October, 2018

October is National Cybersecurity Awareness Month, and cyber security company eSentire is explaining the importance of security awareness training and sharing tips and best practices for dealing with phishing attacks.

According to eSentire, phishing continues to be a popular attack vector. The company’s most recent threat report noted an uptick in lures mimicking shipping and eFax services in Q2 2018. Industries that experienced the largest number of confirmed phishing attacks in Q2 2018 included construction, education, and marketing – likely because remotely based business relationships and employees lead them to use DocuSign frequently for handling digital invoices and quotes. Healthcare also experienced a larger diversity of phishing lures, but no one lure dominated. This is likely because healthcare providers interact with diverse groups, such as employees, other healthcare providers, managed service providers, and patients, so they are apt to use more varied technology, making it easier to see different lures as familiar.

Phishing emails have grown increasingly sophisticated, designed to look like emails with legitimate professional branding. Employees need to learn to be wary of emails requesting user account credentials or personal details - and to confirm with their IT departments if they see something that doesn't seem right (spelling mistakes, an odd return email address, other indicators, etc.).

Eldon Sprickerhoff, founder and chief innovation officer at eSentire, says: “Knowing how to identify a phishing email is extremely important, but it is just the beginning. Security awareness training highlights several different tactics used by cyber-criminals and describes how to defend against them.

“Training is important to any individual that has access to company data, so for most companies, that means everyone. Keep in mind though, those in HR and finance are particularly targeted as they have access to financial and employee information.

“It's important to remember that employee education will reduce the risk of a cyber-breach; however, it won't stop criminals from trying. Learning these signs and triggers is something that can become muscle memory through regular cybersecurity training – it’s up to every organization to mandate and maintain a regular cadence around awareness training. Providing ongoing education and training to employees is the best way to protect your business in the fight against cyber-crime.”

Below are some additional tips from eSentire for employee security awareness training:

• Cybersecurity training for employees should be mandatory—not just as part of new-employee orientation, but as an ongoing practice. It’s important that training is offered in a way that is engaging and memorable, so your employees will retain the information. And of course, policies must be in place to ensure employees take this training seriously.

• While online training is the more modern approach, there is sometimes still a place for in-person training. In-person training allows for direct interaction with instructors, which can be more engaging for some people. The content can also be customized more easily depending on the needs of the employees. Unfortunately, this method is often more expensive and is usually offered as a “one-time thing.”

• On the other hand, online training allows for consistency of messaging while being cost-effective and easily duplicable. However, with online courses, employers may need to seek out a training program that is more than a “one-time thing”. Solitary, online training can sometimes be unmotivating, so it’s important the training program is engaging, and its completion is enforced.

• The solution: merge proven brain science with cybersecurity curriculum. One of the most important advances in employee knowledge approaches is something called microlearning—a technique that will totally change the face of cybersecurity awareness training because it moves the needle beyond reach to focus on improving knowledge, sustaining it and enabling employees to apply it in the real world. Microlearning is a technique of delivering learning content in short, bite-sized bursts (from three to five minutes), several times per week, or even daily. When microlearning is delivered in a consistent, ongoing way, you can drive continuous learning, build up knowledge over time, and produce real behaviour change that’s capable of creating an embedded human layer of security protection across every part of the business. Microlearning addresses the problems associated with traditional SAT and is evolving the industry to think well beyond compliance. It’s being used at some of the world’s largest companies like Toyota and Walmart to solve the numerous challenges when knowledge-building in a corporate setting.
