What IT Security Awareness Training Should Entail

Human error is routinely identified as the cause of a security breach when one happens. This puts employees at the top of the list of the biggest cybersecurity threats to your business and data. That said, employees can also be your biggest asset in your cybersecurity efforts if effective cyber security training gives them the knowledge they need to thwart cybersecurity threats. This can be done through IT cybersecurity awareness training programs. Here are some of the topics this training should cover.


Phishing Scams

Phishing scams are arguably the most common way malicious actors gain access to an IT infrastructure. These types of attacks take advantage of human nature to trick unsuspecting employees into providing access by giving them an incentive or creating a sense of urgency.

Because of how common and damaging they can be, awareness of phishing scams and attacks should be included in all companies’ training programs. The training should include identifying the most common tricks used in email phishing scams and different ways employees can protect themselves.


Password Protection

Passwords remain the most common authentication option in the world. Everyone with access to a computer or a smartphone has at least one combination of username/email and password that they use to log in somewhere.

Because of how ubiquitous they are, a password compromise is a serious cybersecurity threat to modern businesses and their data. This is why businesses should teach their employees the best password practices with reliable cyber security training. These include:

  • Mandating the use of strong and unique passwords for all accounts.
  • Using password managers to generate and manage passwords.
  • Using multi- or two-factor authentication.
  • Ensuring all passwords are generated randomly and use different letters, numbers and symbols.


Removable Media Threats

Removable media threats are so dangerous because they take advantage of human curiosity and can also bypass most other physical and personnel cybersecurity practices. Removable media, especially thumb drives, are very potent for the delivery of malware that can infect an infrastructure as soon as the device is plugged in.

To take advantage of human curiosity and start the attack, a malicious actor can drop a thumb drive somewhere close to the building, at a conference or public event. A curious employee will then plug it in, and the attack will commence.

The malicious software they contain can cripple systems in case of a ransomware attack, steal data and send it to an encrypted server, or even destroy computers, servers and whole networks. Employees should be trained to never insert any untrusted removable media into any computer.


Clean Desk Policies

Prints, papers, scans and sticky notes can all contain sensitive information. Someone can steal them or see the information on them if they are left on a desk. Companies should implement clean desk policies, reinforced through cyber security training, under which anything left on a desk is not sensitive and is needed at the time. Additionally, employees have to ensure they leave nothing on top of their desks if they leave for whatever reason, regardless of the amount of time they will be away.


Employees can play a vital role in protecting your business from security threats. Untrained or negligent employees put your business in danger, and this is a primary reason why IT Security Awareness Training is so important.


If you are a business in Bristol, Bath or the South West looking for Cyber Security Training that protects your business data, soVision IT can help.