Your security is only as strong as your weakest link.
Your employees handle sensitive information and trade secrets in paper, verbal and electronic formats. Your IT staff manages networks and systems. All of your personnel ultimately make decisions that affect both the security posture and risk profile of your organization every day.
Your formally documented information security policies are the basis of your organization’s operational procedures and standards. Your staff needs to be educated on how to identify suspicious activity, follow the appropriate escalation procedures through your established chain of command and respond to a potential security incident.
Why It’s Important
Your network and sensitive data are only as secure as the weakest access point, which includes your employees. Attackers look to exploit any weakness they can identify. Simply addressing the security of your organization’s hardware and software is not enough.
All of your hard work implementing technology to keep out attackers can be thwarted in minutes by a simple phone call in which an attacker impersonates your IT department and asks your receptionist for credentials to troubleshoot a mysterious “printer issue.”
Security awareness training that protects against the common pitfalls attackers exploit to access sensitive data is just as important as securing your Internet-facing systems.
How We Can Help
We work with you to create a training program, inclusive of new hire, annual, periodic refresher and ongoing awareness training. We use various methods based on the skills, level of access and roles of your target audience. Some training will have more focus and depth for technical controls, while other training will be more appropriate for customer interaction.
We have courses and training materials to help your organization meet the employee security awareness training requirements of regulations and standards such as GLBA, HIPAA/HITECH, or PCI DSS. We teach your employees proper security controls and how their responsibilities affect your organization’s security.
Our employee security awareness training typically covers the following topics:
- Information Security Overview
  - Applicability and responsibilities
  - Profiles of attackers
  - Types of attacks
- Compliance Requirements
  - Abridged history
  - Applicable requirements
  - Proper handling of sensitive data
- Protected Sensitive Information
  - Company confidential information
  - Account numbers, cardholder data, social security numbers
  - Systems and networks
  - Third-party connections
- Safe Computing Habits
  - Strong passwords
  - Email and browsing use
  - Remote access
  - Removable devices
  - Social media
- Social Engineering
  - Understanding attacks
  - Identifying behaviors
  - Proper responses
  - Escalation procedures
We conduct the courses or provide you with the materials to perform the training in-house. We provide supplemental training materials in multiple forms, including emails, posters and newsletters. Employees attending training classes receive a one-page security handout. This “cheat sheet” is designed to be kept at their work area as a quick reference guide. We also have multiple delivery methods, including remote (online) or in-person (on-site) courses.