Modern Threats and Social Engineering
Nowadays, digital security systems are constantly improving, so the risk of a successful attack against them seems low. On the other hand the associates and the partners of a company are the first line of defense against the modern potential threats. People make mistakes, forget things, or fall for fraudulent practices. Thus, it’s more convenient for an attacker to bypass security by targeting an associate, than attacking the system itself. To minimize the part your associates play in the breach of your company data, training is a significant precautionary measure. Data protection awareness will create a sense of empowerment not only in the office, but also remotely and will give to your associates the practical skills needed to better protect your business. The most important training points are:
Public WI-Fi Risks
Remote work protection
Removable devices scams
Clean desk policy
Safe Internet and Social Media use
After the training process is complete, the assessment will show you if it is really working. Thus, adaptive questionnaires should be used by a company, both before and after the awareness program. Assessment before the training program will show you the topics that you should emphasize more to the associates during the process, while assessment after the training will show you the success of the program. It is recommended that the training program is conducted on a regular (perhaps annual) basis rather than as a one-off exercise.