While it is believed that the biggest threats to information security comes from outside sources, the most significant threats can originate from within your organization. One of the best ways to ensure company employees do not make costly errors concerning information security is to incorporate company-wide security awareness training initiatives. These initiatives will give employees a solid understanding of security policies, procedures and best practices of the organization as well as the evolving risks and cyber threats surrounding them.

The critical aspects to focus on in your security awareness training are the organization’s security policy, data handling and classification, password and workspace security, wireless networks, phishing, malware, file sharing and copyrights. It should also cover the ways attackers gain entry to your network and necessary steps to curtail these risks.

Also, it is important to understand the types of attacks more prevalent today. For instance, a whaling attack is an attempt to steal sensitive financial or personal information of an employee, mainly for malicious reasons. To mitigate this risk, security awareness training and use of simulated phishing attacks will help.

I hope this help you further understand that employees are as much of the information security equation as your appliances and compliance frameworks in securing your company again cyberattacks. In a couple of days, I will provide the key topics your employee training should include.

(This "Security Blogs" Published in May 2023 Edition)