{"id":27541,"date":"2019-01-29T15:43:37","date_gmt":"2019-01-29T20:43:37","guid":{"rendered":"https:\/\/jumpcloud.com\/?page_id=27541"},"modified":"2024-08-14T11:54:54","modified_gmt":"2024-08-14T15:54:54","slug":"security-training-employee-education-essentials","status":"publish","type":"resource","link":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","title":{"rendered":"Security Training 101: Employee Education Essentials"},"content":{"rendered":"\n

<p>There is no such thing as an organization that is too small to be a target for hackers. In fact, Verizon’s 2018 Data Breach Investigation Report found that 58% of data breach victims were small businesses, so it’s crucial for companies of all sizes to take security seriously. While implementing security technology is a great place to start, it’s also imperative to educate employees by conducting regular security awareness training. Small organizations don’t always have the luxury of a security team to lead this, but with the right materials, anybody in the organization with an interest can conduct security training sessions. If you simply can’t dedicate resources to an in-house security guru, consider reaching out to a managed service provider (MSP) that offers managed security services. As IT experts, they can be an effective partner in helping you achieve your security and operational goals. So what should a security training session cover? We’ve put together this security training guide, which covers employee education essentials, some ideas on how to conduct the training, and a video on the matter.</p>


<h2>Why Security Awareness Training?</h2>

<p>“You can’t hold firewalls and intrusion detection systems accountable. You can only hold people accountable.”
— Daryl White, DOI CIO</p>

<p>In a U.S. State of Cybercrime survey, 42% of the respondents stated that security awareness training helped to deter attacks. The same report found that, when a cybersecurity incident occurred, organizations without a security training program experienced 300% greater financial loss than those that had one. If that’s not convincing, consider that regular security awareness training is required to meet compliance regulations such as HIPAA, PCI-DSS, GLBA, ISO, and others. Whether or not you are required to, security training can go a long way in protecting your organization from the fines and disasters that result from a security breach.</p>

<p>Now that you are armed with a couple of reasons you can share as to why it’s important, let’s go over the principles of security training.</p>


<h2>Security Training Essentials</h2>

<p>Below, we will walk you through talking points that you can cover in your security awareness training. In addition to these points, we’ve included a few real-world scenarios that describe how threat actors use some of these attack vectors to their advantage. By doing so, we hope to illustrate the need to cover many of these talking points, and to provide you with real-world examples that you can share with your employees. This can be an effective way to teach them what to look out for and to help them understand why they need to take security seriously.</p>

<h3>Identities</h3>

<p>Identities are the number one attack vector, so it’s imperative that your employees understand how to protect them. Remind them that their passwords need to be as long and complex as possible, as well as impossible to guess. Passwords should never be reused or shared, and MFA should be enabled wherever possible. Lastly, inform your employees that they should never change a password via an email (the exception is a password reset email that they, without a doubt, requested themselves). If they know their password and need to change it, they should always navigate to the actual site and change it there.</p>


<h3>Email</h3>

<p>Inform employees of any security measures required for email. We’d recommend requiring MFA and emphasizing to your employees that email is at the center of the organization’s authentication space. As such, it would be catastrophic if they lost control over their email account. If they ever do, let them know they should immediately contact whoever is responsible for security or IT.</p>


<p>Additionally, stress the importance of taking a few seconds to critically think through why they are receiving an email. For example, they could make a habit of running through some of these questions:</p>