Importance of Employee Security Awareness Training (Continued)
As I mentioned earlier this week, employees are as much a part of the information security equation as your appliances and compliance frameworks in securing your company against cyber-attacks. It is therefore important to make sure they are aware of the security policies, procedures and best practices of the organization as well as the evolving risks and cyber threats surrounding them.
Key Topics for Employee Training:
Email and browser security: The ability to identify suspicious email messages and malware / viruses, modern web browser security features, how phishing could be a threat and the best practices to reduce the most significant risks
Avoiding malicious downloads: Consequences of running malicious downloads, best practices for installing new applications and keeping existing software updated, ability to identify if a system has been infected with malicious software, and how to deploy internet / email security software
Mobile security: Common threats to mobile devices, how mobile POS (Point of Sale) systems work and the risks associated with them, proper strategies for handling cardholder data while using mobile systems, how to guarantee that mobile devices are secured and the security risks associated with using personal mobile devices at work
Social media security: The privacy and security parameters offered by social media, risks of using social media at work and home, and ways to minimize social media hacks
Anti-virus and software updates: Methods to keep both software and operating systems up to date, how to install, configure and update anti-virus software, how to use Windows Update securely, and methods to secure mobile devices
Secure remote working: Risks and threats associated with accessing company data and systems while working remotely, how private data is handled during remote login, as well as the technology and software available to make remote working more secure and protected
Protecting cardholder data: Identifying the most sensitive pieces of information on a credit / debit card, determining what and who needs to comply with PCI standards, explanation of how card transactions work and how to deal with credit / debit card data securely
I hope this provides some insight into some additional security measures that will keep your company safe and secure. Stay tuned for more ideas coming soon.