The Low Hanging Fruit of Cyber Security Part 3 of 3: Security Awareness Training
Over the course of this three-part series, we have explored security measures to help keep your organization better protected from cyber criminals. In part one, we examined the importance of patching, and in part two,we explored advanced email security. In this final part of the series we will cover security awareness training that should be implemented in every business.
The reality is that the bad guys are always trying to stay a step ahead of the of the barriers you are putting in their way. In part two, we discussed the importance of employing a robust best of breed email security platform to protect your business and its users. Even with the best email security in place, hackers do succeed in getting through barriers and get an email into your end user’s inbox. At this point the end user will either look at the email and dismiss it as “junk” or “malicious” then delete it, or they will click on a link in the email and get phished, crypto locked, or worse. What does this mean? It means the user could potentially give an attacker their network or email credentials, which could access the business’ confidential or sensitive data. In another scenario, the user could have their files encrypted, then be locked out of their computer until a ransom is paid. What can be done to train people to not click on these malicious links? Providing your end users Security Awareness training is the first step.
Thrive delivers a managed service that is a two-pronged approach, comprised of a quarterly online training and a monthly phishing attempt.
The quarterly trainings are centralized around topics like the examples listed below. At the end of the training window, Thrive will provide you with a report of which users finished the training and how they did on the mini quiz at the end of it.
- Basic Security Awareness Training Course
- Ransomware for Hospitals
- Strong Passwords
- Mobile Device Security
- Safe Web Browsing
- CEO Fraud
- Basics of Credit Card Security
- PCI Compliance Simplified
- Financial Institution Physical Security
- GLBA Compliance Course
- Secure Destruction of Sensitive Information
- Securely Working From Home
- Social Engineering the Executive
- Social Media Precautions for Executives
The second part of this offering is a monthly phishing exercise where Thrive will send your users an email designed to look like a phishing attempt to test whether or not they know how to handle the situation. If they happen to click on one of the links, they will be directed to a web page that looks similar to the image below, which will give them a few tips on what to do next time. The users that do click on the links in the phishing emails are tracked and can be sent into an additional training module if they are repeat “clickers”.
Please contact Thrive or call us at 866-205-2810 for more information on the managed options that are available to proactively protect your users and business from the harmful emails making their way into your organization.