Does your organization takes safety seriously? Users know how to push the social engineering attacks? You mobile devices in your organization have data encryption enabled? If your answer is "no" or "do not know" to any of these questions, then your organization is not a good training in safety awareness.
Wikipedia defines security awareness, to have the knowledge and the attitudes of members of an organization for the protection of property and organizational information.
In short, loose lips sink ships. This is really the essence of what the security awareness issue.
If you are responsible for the information resources of the organization, then you need to develop and implement a training program for safety awareness. The goal should be to their employees aware of the fact that there are evil people in the world want to steal information and damage the organizational resources.
A good training program will instill a sense of pride in the possession of the data and resources of your company's safety awareness. Employees are threats to your organization as a threat to their livelihood. Poor safety awareness training program will lead to paranoid and resentful people.
Let's take a look at some tips for creating a training program to increase awareness of effective security
Educate users about the different types of real threats, which are
Training of security awareness should also raise awareness of users in security concepts, such as the recognition of social engineering attacks, malware attacks, phishing tactics and other types of threats can find them. Visit our Internet crime fighting for a list of threats and techniques cybercriminals.
Teach Art Lost Password Construction
While many of us know how to create a password, there are still many people out there who do not realize how easy it is to crack a weak password. Explain the process of cracking and password, such as tools, how they work with rainbow tables offline cracking. They can not understand, to see how easy it is, a password poorly constructed, which will encourage them to be a little more creative when it make time for them, a new password all the technical details, but at least be able to could break.
Focus on privacy
Many companies say their employees to avoid discussing company business while at lunch, because you never know who can listen, but not always say they do not see what they say on social media sites. A Facebook status update on how simple it is angry that the product is not working, will be solved in time could be useful to a competitor who might be later to see their status when the privacy settings too freely. Bring your employees loose tweets and status updates also fall ships.
Participants can troll social media in search of employees in the competition to win the advantage on the understanding that the product that is on what works, etc.
Social media is still relatively new frontier in the world of business and many security forces struggled to deal with it. The days of simply blocking in the corporate firewall are. Social media is now an integral part of the business models of many companies. Educate users about what they should and should not post on Facebook, Twitter, LinkedIn and other social media sites.
Keep your standards with possible consequences
Security policies without teeth have no value for your organization. Get management buy-in and establish clear consequences for the acts or omissions of the user. Users should be aware that they have the duty to the information that will protect them and do everything to keep out of the danger zone.
Make them aware that there are civil and criminal consequences of disclosure of information and / or sensitive owners, management of company resources, etc.
Do not reinvent the wheel
You do not have to start from scratch. The National Institute of Standards and Technology (NIST), literally wrote the book on how to develop a training program of safety awareness, and best of all, it's free. Download the NIST Special Publication 800-50 - to learn building awareness of information security technology and training program, as your own.
No comments:
Post a Comment