Employee Cybersecurity Training Resources

March 17, 2020 Leave a comment

Cybersecurity Training Philosophy

I believe training should be engaging and short due to employee's limited time to focus on it vs their daily jobs.

Phishing training

Phishing is a term more people are becoming familiar with. It is a very popular way to get tricked into giving away your email login or bank credentials. You're directed to a website you think is safe while the true purpose is something more nefarious.

Website Malware Safety

Following links in email that you don't know can be dangerous. Check the sender, strange formal names, irregular grammar, and emotional calls to action like fear of missing out or the boss telling you to 'rush' this through.

Submitting passwords through unsecured websites is another telltale sign you might be where you don't belong. Look for the 'lock' at the top of the browser's website to make sure you're secure.

Email safety through secure email

Don't send credit cards through regular email. Personal or confidential information shouldn't be sent through email either. Check with your company's IT department on how to send things securely.

Social engineering

Phone calls can also be used to trick victims into revealing information they wouldn't normally. Beware of phone calls from your bank asking for information to reactivate your account, or requesting your ATM PIN because your card is compromised. The normal reaction is to trust someone asking for information. A simple way to turn this around is to ask for a number to call back. Then call your bank directly and report the situation to them.

Training should be recurring

The once a year training isn't nearly enough. We forget and end up being reminded so irregularly it makes us more vulnerable to successful attacks. Send out email reminders to the team regularly. Talk about it in meetings, even if it's briefly mentioned.

Feedback and effectiveness through testing

Learning methods have proven that feedback to the person learning is critical to get the most out of training. Testing frequently between learning sessions engages the mind, putting it into a better learning state.

How do you know your training is effective as an organization? As a leader, you need feedback too.

Get phishing testing done through companies offering the service. These offer the testing and feedback both employee and leaders need to know it's working.

Resources

Phishing

https://www.youtube.com/watch?v=h3lJycGGF64

Web Browsing Securely

https://www.youtube.com/watch?v=2ZZQlgV2Gus

Social Engineering

https://www.youtube.com/watch?v=lc7scxvKQOo

Government Related Resources

CISA

https://www.cisa.gov/

US Cert

https://www.us-cert.gov/resources/business

DHS

https://www.dhs.gov/be-cyber-smart/common-scams

https://www.dhs.gov/be-cyber-smart/cyber-lessons#section-multifactor-authentication

https://www.dhs.gov/be-cyber-smart/report-incident

Leave a Reply

Your email address will not be published. Required fields are marked *