Security Awareness: Strengthening The Weakest Link

Your defense-in-depth information security strategy is defined and implemented. You’ve set up firewalls, honeypots, encryption and antivirus. Your user security is granular, restrictive and multifactor. But no matter how many technology solutions are in place, the human element can always provide an opening for cyber-criminals.

Using social engineering techniques, con artists play upon people’s fears and good nature to pry out the information they need to unlock secure systems. One slip – a single weak link – is all it takes to expose a company to malicious activity from the inside. Technology can’t help. The only way to combat social engineering attacks is with a robust and ongoing Security Awareness program.

What Is Social Engineering?

Simply put, social engineering is tricking people into giving up critical security information, whether passwords, account numbers or financial data. Con artists use many methods to obtain this information.

It’s not important to them that most people see through their efforts and refuse to comply. What is important is that sometimes, it works. And when it does, that one slip can be catastrophic.

How Does A Security Awareness Program Work?

Good security practices offer many benefits and need to be ingrained in each employee as a natural part of their job function. The physical security requirements of a public reception area will be very different from those of the research department of the same company.

The employees of both areas need to understand the general security expectations of the company along with the specific expectations for their area. Employees must know what to do if they suspect a breach and must feel empowered to take action. A good Security Awareness program is an ongoing effort, starting with intensive training and followed up with periodic newsletters, seminars and awareness drives.

Using Security Awareness As Part Of Your Overall Security Strategy

Security Awareness starts with an intensive, robust basic training program disclosing the various tricks social engineers use to pry information from employees. As part of an overall security strategy, the security champion must work with management to develop a set of internal standards and practices for all employees regarding information and physical security.

These may vary by organization and even by department, depending on the sensitivity of the data owned by that area, the tools they use and the nature of their work. Once the general training is complete, specific training by department should be done internally to the standards defined by departmental and executive management.

First Steps For Information Security

The Information Security professional must have a firm grounding in the fundamentals of Security Awareness in order to create a comprehensive set of policies and corporate awareness training. A professional, in-depth training course is critical in providing up-to-date information to the information security staff.

Training should be periodically refreshed to learn about new tricks and traps for the unwary. Security Awareness is just as important as any technology solution! Uneducated staff can be the weak link that allows malicious criminals to breach physical or technological safeguards. Every employee must understand their role in keeping corporate assets safe.

Ashford Global IT, AGIT, offers IT training in many security platforms including Security Awareness, CISSP, and more. Contact them today to find out how providing security training to your staff can decrease your chances for social engineering and other security breaches.

Image by Purple Slog

About this author:

Frank is a leading trainer in IT Security.
