Cybersecurity Awareness: The Importance of End User Training

By Doug Hall ·

You’ve probably seen the news about companies around the world being hacked. These are companies that have millions of dollars invested in technology and have top-notch security professionals at the helm. While organizations invest in IT security infrastructure, many of them lack in the biggest security gap: The User. 

People are trained to perform their jobs in technology, accounting, sales, etc. but lack the basic knowledge of how to protect company data from the outside. You can’t assume that everyone knows the rules, cautions and dangers. Hackers are getting better and better at disguising their methods, it’s not always obvious.

To have an effective security program, individuals need to know what to do when hackers call them, how to identify a hacker’s emails, how to know which software apps are “safe” to download, among other things. Probably most important is what to do when those hacker attempts are identified. 

The White House has declared October National Cyber Security Awareness Month, stating “the cyberthreat is one of the most serious economic and national security challenges we face as a nation.”  

Attacks can be initiated at any time, notably after company news is released or following a network outage (sometimes by design as in Denial of Service attacks). The messages may be appear to be official company communications or may be spoofed to come from a Corporate Executive. When emails fail, the hacker may discover future “prospects” using other forms of attack such as social engineering.

As increasing amounts of sensitive information flows across the network, new platforms are designed protect that information. However, the best security technology in the world can't help you unless employees understand how to safeguard data and protect company resources.

Security Awareness Training is a critical component in protecting an organization’s most important asset - its data. Training users to identify and avoid risks and make good judgments online are critical elements of network security.

The key to leveraging security awareness training to protect your data isn’t just a one-time blast; it’s a continual learning process. That’s why a well-organized cybersecurity training program includes reinforcements throughout the year like posters, newsletters, videos training, evaluations and videos.

The problem with security awareness programs is that it’s hard to “prove” their success. As with any security countermeasure, success is measured in that nothing happens. Every time an employee does not click on a phishing message, every time they avoid a malicious website, every time they lock their door or computer monitor, every time they refuse to enter private information for questionable purposes, is a security awareness success.

As NCSAM kicks off, I challenge you and your organization's end users to take action on these daily security risks:

  • Keep your computer locked at all times while you’re away from your desk.
  • Learn to recognize a phishing email.
  • Create strong passwords at work and at home.
  • Protect your computer as you would your wallet or purse.
  • Report suspicious emails, phone calls or persons in the building.

Let’s work together and help combat unwanted threats as a team. If we do this correctly, no news will truly be good news.