The press can’t get enough of corporate data breaches. They delight in showcasing the latest horror story about a business that lost massive amounts of private records or millions in revenue to the latest hack. You could be next.
“The adage is true that the security systems have to win every time, the attacker only has to win once.” —Dustin Dykes, CISSP, Founder, Wirefall Consulting
Despite all the funds you may have spent on state-of-the-art security software, the bad guys are just one gullible user click away from staging an all-out invasion. To make matters worse, that user might well be you! Recent surveys show that executives can be some of the biggest culprits when it comes to clicking on phishing links and opening malicious email attachments.
Yet by far the most effective strategy in combatting these attacks is also one of the most poorly implemented – security awareness training. The list of “worst practices” for user education is almost endless: break room briefings while people eat lunch and catch up on email; short instructional videos that provide no more than superficial understanding; and the time-honored practice of hoping for the best and doing nothing.
Find out what the true best practices are for security awareness training – those that establish a human firewall to effectively block hackers and criminals, and keep you out of the headlines.
This whitepaper provides clear direction on how to go about improving your organization’s security posture by “inoculating” employees who fall for social engineering attacks. Such incidents are far from uncommon. According to a recent study by Osterman Research, email is the most prevalent channel of infiltration into the enterprise.
- A summary of the main email-based attack vectors into organizations, such as phishing, spear-phishing, executive “whaling”, and “CEO fraud”.
- What organizations are doing about it and why this isn’t enough.
- What is wrong with most current security awareness training programs. This includes a list of “worst practices” along with why they don’t work.
- The proven best practices for security awareness training that reinforce existing defenses by erecting a human firewall.
- How to combine security awareness training with simulated phishing attacks to keep employees on their toes with security top of mind.
- How to devise a valid KPI for the effectiveness of that training to showcase its return on investment.