![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/red-lock.png\")
<\/figure><\/div>\n\n\nWhy Security Awareness Training?<\/h2>\n\n\n\n\u201cYou can\u2019t hold firewalls and intrusion detection systems accountable. You can only hold people accountable.\u201d
\u2014 Daryl White, DOI CIO<\/p>\n\n\n\n
\u2014 Daryl White, DOI CIO<\/p>\n\n\n\n
In a U.S. State of Cybercrime survey<\/a>, 42% of the respondents stated security awareness training helped to deter attacks. This same report also found that, when a cybersecurity incident occurred, organizations without a security training program experienced 300% greater financial loss compared to those that did have a security training program. If that\u2019s not convincing, consider that regular security awareness training is required to meet compliance regulations such as HIPAA<\/a>, PCI-DSS<\/a>, GLBA<\/a>, ISO<\/a>, and others. Regardless of if you have to or not, security training can go a long way in protecting your organization from the fines and disasters that result from a security breach.<\/p>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/magnifying-glass-with-blue-handle.png\")
<\/figure><\/div>\n\n\nSecurity Training Essentials<\/h2>\n\n\n\n
Below, we will walk you through talking points that you can cover in your security awareness training. In addition to these points, we\u2019ve also included a few real world scenarios that describe how threat actors use some of these attack vectors to their advantage. By doing so, we hope to illustrate the need in covering many of these talking points, and to provide you with real world examples that you can share with your employees. This can be an effective way to teach them what to look out for and to help them understand the realities of why they need to take security seriously.<\/p>\n\n\n\n
Identities<\/h3>\n\n\n\n
Identities<\/a> are the number one attack vector, so it\u2019s imperative that your employees understand how to protect them. Remind them that their passwords<\/a> need to be as long and complex as possible, as well as impossible to guess. Passwords should never be reused or shared, and MFA should be enabled wherever possible. Lastly, inform your employees that they should never change a password via an email (an exception to this is a password reset email that they without a doubt requested themselves). If they know their password and they need to change it, they should always navigate to the actual site and change it there.<\/p>\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/new-red-orange-id-badge.png\"){kind=icon}
<\/figure><\/div>\n\n\nEmail<\/h3>\n\n\n\nInform employees of any security measures required for email. We\u2019d recommend requiring MFA and emphasizing to your employees that email is at the center of the organization\u2019s authentication space. As such, it would be catastrophic if they lost control over their email account. If they ever do, let them know they should immediately contact whoever is responsible for security or IT.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/email-with-envelope.png\")
<\/figure><\/div>\n\n\nAdditionally, stress the importance of taking a few seconds to critically think through why they are receiving an email. For example, they could make a habit of running through some of these questions:<\/p>\n\n\n\n
\n- Does this email make sense?<\/li>\n\n\n\n
- Did I click a link asking for this email?<\/li>\n\n\n\n
- Did I ask someone (a team member or customer) to send me this?<\/li>\n\n\n\n
- Did I engage with a website to send me marketing emails?<\/li>\n<\/ul>\n\n\n\n
When possible, a good rule of thumb to follow is that if anybody receives an email from a site that is requesting some sort of action to be taken, they should manually type in the site address in their browser and navigate to the site that way. Generally, they should learn to distrust that an email is from who it claims to be. Lastly, they should know to not open attachments from emails they\u2019re not expecting to receive.<\/p>\n\n\n\n
Hook, Line, and Phished<\/h2>\n\n\n\n
True Story: <\/strong>One afternoon, an accountant in an organization received an email from an individual claiming to have paid a late invoice. All the accountant needed to do to claim the payment was to click a link and provide their email credentials, which they did. Yep, they had gotten phished. And, once the attacker got their hands on those email credentials, they logged into the accountant\u2019s email and studied the organizations wire transfer approval process by searching through emails. The attacker then used previously sent invoices and forms to fabricate an approval email chain that the attacker then sent to the wire transfers department. Suffice to say, the attacker walked away with a lucrative sum of money. Read the full story here, page 16<\/a>.<\/p>\n\n\n\n
Moral of the Story:<\/strong><\/p>\n\n\n\n
\n- Email is a goldmine of information and at the center of authentication in any organization. Once those credentials are stolen, the sky\u2019s the limit for attackers.<\/li>\n\n\n\n
- Require\/use MFA wherever possible. If MFA had been required on email in the story above, this incident could have been prevented.<\/li>\n\n\n\n
- If you read the full story, you\u2019ll find out that the organization relied heavily on tools to block fishy URLs on the corporate network. However, the accountant was on their home network when they had received the phishing email, and consequently, out of reach from the URL blocking tools. If they aren\u2019t the main line of defense, your employees will be the last stand against an attacker. So, that\u2019s why employee education is just as important as security technology.<\/li>\n<\/ul>\n\n\n\n
Work Devices<\/h2>\n\n\n\nNext, make sure to talk to your employees about how they can secure their work system. Inform them that they should only do company work on company machines. In other words, they should limit the amount of personal activity on their work device, and they should never access work on their personal device. The more you say it, the sooner they\u2019ll get it down.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/blue-system-with-gear-and-lamp.png\")
<\/figure><\/div>\n\n\nThey should know that full disk encryption<\/a> (FDE) and anti-virus software are required, and they should do their best to avoid losing their laptop. In the event that they do lose their laptop, make sure they know how to contact the security team and that they should do so right away in the event they lose their laptop. If there isn\u2019t a security team, let them know who to contact and how to contact them, whether that\u2019s an IT admin, your MSP, or another individual in your organization.<\/p>\n\n\n\n
Where possible, MFA should be enabled on their work system<\/a>. Additionally, you might want to let them know about the system policies<\/a> that are in place on their devices if you have set some, and that they should not try to subvert these security measures.<\/p>\n\n\n\n
The Office<\/h3>\n\n\n\nRemind employees of the physical security that is in place in your office, like cameras. If your office requires a key or a FOB for entry, let them know that there should be no tailgating. We don\u2019t mean in the parking lot before the big game, but rather, a stranger sneaking in as the door closes.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/white-security-camera.png\")
<\/figure><\/div>\n\n\nAlso, inform them that they should erase content on whiteboards when they\u2019re done. When they print sensitive information, let them know they should retrieve it immediately and be sure to shred it once they no longer need it.<\/p>\n\n\n\n
It\u2019s a good idea to set the tone for what to do about visitors, too. For example, when they notice a visitor, should they feel free to question them? Where can they direct visitors to wait? Having firm answers to these questions can help employees be proactive in case of an intruder.<\/p>\n\n\n\n
Leave No Stone Unturned<\/h2>\n\n\n\n
True Story: <\/strong>One particular organization had strong systems in place to offboard ex-employees from digital IT resources; however, they weren\u2019t always so prompt in deprovisioning building access credentials. Then one day, a disgruntled ex-employee used this security weakness to their advantage to exact revenge. Using their \u201cstill-yet-to-be-disabled building access card\u201d they entered the building, and then was able to gain entry into a room with an unlocked work system. They plugged a USB flash drive into the machine and had plans to steal and expose sensitive data. Luckily, forensic analysis alerted the company to the malicious activity, and they were able to put a stop to it before the ex-employee was successful. Read the full story here<\/a>.<\/p>\n\n\n\n
Moral of the Story:<\/strong><\/p>\n\n\n\n
\n- Not only is it important to immediately terminate a fired employee\u2019s network access, but their office access as well.<\/li>\n\n\n\n
- This story also demonstrates why it\u2019s important to enforce certain system policies like those that enforce screen lock and disable USB drives. They can help prevent malicious activity on work devices.<\/li>\n<\/ul>\n\n\n\n
Intellectual Property and Data<\/h3>\n\n\n\nSecurity awareness training is also a good time to clarify your rules around intellectual property. Your employees should know what is considered company property, and what the rules are for storing it. Also, establish general rules regarding what they can or can\u2019t talk about with non-company personnel.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/orange-red-ssd-card.png\")
<\/figure><\/div>\n\n\nAlong the same lines, you should consider going over how to secure data. Ideally you should have rules in place about where employees should and should not store sensitive company data.<\/p>\n\n\n\n
If your organization utilizes cloud productivity platforms like G Suite\u2122 or Office 365\u2122<\/a>, warn your employees to be mindful of who they grant permission to access these files and folders, and that it\u2019s best to share files and folders on an individual basis when possible. Also, advise employees to password protect data files where it makes sense, or to place those files in folders with strict access controls.<\/p>\n\n\n\n
Public WiFi<\/h3>\n\n\n\nSpeaking of public areas, let them know that they should avoid using public WiFi at all costs and only use it if they absolutely need to. While public WiFi can be extremely convenient, it can also be one of the easiest ways to compromise a set of credentials and a device. Lay out for your employees that they\u2019re essentially ceding control of their network traffic over to whoever has access to the router. Some great questions to run through before connecting to public WiFi are:<\/p>\n\n\n\n
\n- Do I trust the coffee shop I\u2019m at to also be experts in network security?<\/li>\n\n\n\n
- Do I trust that nobody has tampered with the router?<\/li>\n\n\n\n
- Do I trust that the router has been updated recently?<\/li>\n\n\n\n
- Would I have an intimate conversation with, say, my tax lawyer in a crowded coffee shop? If no, then it\u2019s probably not the best idea to conduct online banking over the WiFi either.<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/wifi-router-with-red-button.png\")
<\/figure><\/div>\n\n\nIt ultimately comes down to one\u2019s risk model and what you\u2019re comfortable exposing, but public WiFi fundamentally is an insecure method of communication. When in dire need for the internet, some alternative methods to public WiFi include using mobile data to do something on their phone or to create a mobile hotspot. For the times that\u2019s not an option and they need to take that risk, a VPN (virtual private network) can help mitigate some of that risk, but not all.<\/p>\n\n\n\n
Lastly, security training is a great time to also notify them of any company rules you have about company WiFi (e.g., if there\u2019s certain networks they should or shouldn\u2019t connect their phone to).<\/p>\n\n\n\n
A Night with The DarkHotel<\/h2>\n\n\n\n
True Story: <\/strong>In 2014, the world learned of an advanced hacking group called The DarkHotel. They have since moved on to other types of attacks, but they were initially known for taking over WiFi networks in popular hotels across southeast Asia. They typically targeted traveling businessmen staying at those hotel; their main method of attack was to deliver fake software updates for applications over the public WiFi to the person\u2019s device. If the target fell for it, the hacking group was able to steal work data from the device and use it to compromise the company the employee worked for. Read more here<\/a>.<\/p>\n\n\n\n
Moral of the Story:<\/strong><\/p>\n\n\n\n
\n- Whether it\u2019s for personal use or work, it\u2019s best to simply avoid using public WiFi altogether. You just don\u2019t know who\u2019s listening or what creative attacking methods could find you.<\/li>\n\n\n\n
- This story also shows the prudence of limiting who has access to what. Stolen data from a work laptop could be merely an annoyance, not a catastrophe, if the right access controls are in place.<\/li>\n<\/ul>\n\n\n\n
Browsers and Phones<\/h3>\n\n\n\nImplore your users to leverage a secure browser like Chrome, to only use plugins that have a true business need, and to stick to websites that use HTTPS. However, it\u2019s a good idea to let them know that many phishing websites now use HTTPS, so they shouldn\u2019t solely rely on that lock icon to determine whether or not a website is safe. It never hurts to double check, for example, that they are in fact on google.com and not go0gle.com. Lastly, they should listen when their browser warns them about entering a website; this is often a sign that something is off.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/phone-with-browser.png\")
<\/figure><\/div>\n\n\nLet your employees know that they should protect their phone with a password or PIN, and they should have it set to be wiped after a certain number of incorrect attempts. After all, more than likely their personal email is on their phone, if not their work email as well, and they can end up losing everything if their phone is not secure.<\/p>\n\n\n\n
They should enable remote wipe in case they lose their phone, and they should also make sure to update their phone with the latest patches whenever they become available.<\/p>\n\n\n\n
Secure Interactions with the Public and Social Networking<\/h3>\n\n\n\nEducate employees about secure practices when interacting with the public online. For example, they should always know who they\u2019re talking to. If someone initiates contact with them, they should never give out information in this situation. The initiator should already have all of the information they need, so it should be an immediate red flag if the initiator requests more. They will be targeted with these kinds of social engineering attacks, so a good rule of thumb to share with them is this: if someone needs an immediate answer, the answer is no. Lastly, to reiterate, make sure your employees know your policies related to sharing private information.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/megaphone.png\")
<\/figure><\/div>\n\n\nWhen it comes to social networking, remind personnel to use good judgement and to watch out for malicious links. Alert them that they can expect to be targeted because of their connection with the company.<\/p>\n\n\n\n
The Odds are in Everybody\u2019s Favor<\/h2>\n\n\n\nTrue Story: <\/strong>Some time ago, the IT Help Desk at an organization received a frantic call from a \u201csenior executive\u201d claiming they needed help remembering their username for their email. The IT Help Desk walked through the security challenge questions, the caller paused and answered hesitantly, they got the answer correct, and the caller was provided with the username. A couple days later, the IT Help Desk received another call from the same \u201csenior executive\u201d. The caller needed help installing a VPN client, and they provided the IT Help Desk with their name, title, and username. Since the caller provided the username, the IT Help Desk skipped the security questions, and went straight to helping the caller install the VPN client. At the end, the caller said they \u201cforgot\u201d their password. Unfortunately, the IT Help Desk was eager to help, so they reset the password for the caller, granting them full access to the senior executives email account. Read the full story here<\/a>.<\/p>\n\n\n\n
Moral of the Story:<\/strong><\/p>\n\n\n\n
\n- This is a great reminder that anybody can fall victim to a social engineering attack, so it\u2019s important to have security awareness training for all of your employees, whether they are technical or not. Everyone is a target because of their connection with your workplace, and it\u2019s important to regularly reinforce to all employees that it\u2019s essential that they personally uphold best practices for security every day.<\/li>\n\n\n\n
- This is another scenario where MFA could have made a big difference in preventing the attacker from gaining access to the senior executives email account.<\/li>\n<\/ul>\n\n\n\n
What to Do When There Is a Problem<\/h3>\n\n\n\n
Finally, a great way to end a security training session is by setting the expectation of what will happen should they make a mistake or encounter a problem and how to contact the security team when that occurs. It\u2019s important to ensure that your employees won\u2019t feel scared to admit they made a mistake.<\/p>\n\n\n\n
Ideas for How to Conduct Security Training<\/h2>\n\n\n\n![\"2](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101-1030x736.png\")
<\/figure><\/div>\n\n\nNow that you have an idea of what to cover in a security training session, how should you go about delivering a session? Below are a couple of ideas to get you started. However, it\u2019s crucial that security awareness training isn\u2019t merely a list of do\u2019s and don\u2019ts. It\u2019s important to take it a step further by providing context. For example, take one of the stories mentioned here and walk your employees through how security principles could have prevented the incident. Another way to provide context is to discuss the potential risks and consequences that could occur by making the decision to use public WiFi or to not lock a smartphone for instance. Whatever route you choose, it is key to provide context and help your employees understand how to apply their security education.<\/p>\n\n\n\n
In-person Meeting<\/h3>\n\n\n\n
One of the most effective options to deliver security training is to conduct an in-person meeting. If your company is small enough, you can likely have the training session with everyone at once. If your organization is on the larger side, consider conducting individual training sessions with each department. Even if your company is small, tailoring security training to individual departments is really effective. So, whether you\u2019re leveraging in-house resources or you\u2019re utilizing an MSP, consider going that route. You\u2019ll be able to make sure each department is equipped to handle the kinds of attacks they are likely to encounter in their day-to-day work life. If you would like a list of talking points to refer to as you give this training session, consider using this Employee Education Checklist<\/a>.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/mfa-security-training.png\")
<\/figure><\/div>\n\n\nSecurity Awareness Training Software<\/h3>\n\n\n\n
If you can afford it, another option is to utilize security awareness training software. This type of software helps organizations create an effective security awareness training program, and they often include features like online training modules, phishing simulations, knowledge assessments, and more.<\/p>\n\n\n\n
Recorded Video with a Mandatory Quiz<\/h3>\n\n\n\nOne last option is to record a video of a security training presentation. It doesn\u2019t have to be super fancy; something simple like a PowerPoint presentation with a voice-over can do the trick. To ensure your employees watch it and comprehend it, consider embedding the video into an online survey tool like Google Forms or Survey Monkey and including a mandatory quiz.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/red-video-link.png\")
<\/figure><\/div>\n\n\nFor inspiration on how to create the video, consider watching this webinar<\/a> we recorded on security training.<\/p>\n\n\n\n
Going Beyond Security Awareness Training<\/h2>\n\n\n\n
Security awareness training can be instrumental in strengthening your security posture, but that doesn\u2019t mean you should rely on training alone to fortify your IT environment. A strategic start begins with implementing the right identity and access management solution. If your startup is cloud-forward and utilizes a heterogeneous mix of IT resources, JumpCloud\u00ae<\/sup>\u00a0Directory-as-a-Service\u00ae<\/sup>\u00a0could be the solution you need to secure user access to virtually all of your IT resources. Not only does JumpCloud\u00a0centralize user and system management<\/a>, but it empowers you with security features like Password Complexity Management, MFA, policies, and more. If you would like to learn more about JumpCloud or one of our security features, consider\u00a0dropping us a note<\/a>\u00a0or\u00a0trying a demo or guided simulation<\/a>.<\/p>\n\n\n
\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/what_is_iam-1.png\")
<\/figure><\/div>\n\n\n\nTry JumpCloud Today<\/a>\n\n\n\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.<\/p>\n","protected":false},"author":55,"featured_media":27515,"template":"","categories":[2337],"collection":[2775],"wheel_hubs":[],"platform":[],"resource_type":[2310],"funnel_stage":[],"coauthors":[2513],"acf":[],"yoast_head":"\n
Security Training 101: Employee Education Essentials - JumpCloud<\/title>\n<meta name=\"description\" content=\"Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Training 101: Employee Education Essentials\" \/>\n<meta property=\"og:description\" content=\"JumpCloud\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-14T15:54:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"18 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Natalie Bluhm\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\",\"url\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\",\"name\":\"Security Training 101: Employee Education Essentials - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png\",\"datePublished\":\"2019-01-29T20:43:37+00:00\",\"dateModified\":\"2024-08-14T15:54:54+00:00\",\"description\":\"Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png\",\"width\":1400,\"height\":1000,\"caption\":\"2 factor authentication\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Resources\",\"item\":\"https:\/\/jumpcloud.com\/resources\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security Training 101: Employee Education Essentials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Security Training 101: Employee Education Essentials - JumpCloud","description":"Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","og_locale":"en_US","og_type":"article","og_title":"Security Training 101: Employee Education Essentials","og_description":"JumpCloud","og_url":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","og_site_name":"JumpCloud","article_modified_time":"2024-08-14T15:54:54+00:00","og_image":[{"width":1400,"height":1000,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"18 minutes","Written by":"Natalie Bluhm"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","url":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","name":"Security Training 101: Employee Education Essentials - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png","datePublished":"2019-01-29T20:43:37+00:00","dateModified":"2024-08-14T15:54:54+00:00","description":"Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png","width":1400,"height":1000,"caption":"2 factor authentication"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Resources","item":"https:\/\/jumpcloud.com\/resources"},{"@type":"ListItem","position":3,"name":"Security Training 101: Employee Education Essentials"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource\/27541"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/55"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/27515"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=27541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=27541"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=27541"},{"taxonomy":"wheel_hubs","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/wheel_hubs?post=27541"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=27541"},{"taxonomy":"resource_type","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource_type?post=27541"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=27541"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=27541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/figure><\/div>\n\n\nAdditionally, stress the importance of taking a few seconds to critically think through why they are receiving an email. For example, they could make a habit of running through some of these questions:<\/p>\n\n\n\n
- \n
- Does this email make sense?<\/li>\n\n\n\n
- Did I click a link asking for this email?<\/li>\n\n\n\n
- Did I ask someone (a team member or customer) to send me this?<\/li>\n\n\n\n
- Did I engage with a website to send me marketing emails?<\/li>\n<\/ul>\n\n\n\n
When possible, a good rule of thumb to follow is that if anybody receives an email from a site that is requesting some sort of action to be taken, they should manually type in the site address in their browser and navigate to the site that way. Generally, they should learn to distrust that an email is from who it claims to be. Lastly, they should know to not open attachments from emails they\u2019re not expecting to receive.<\/p>\n\n\n\n
Hook, Line, and Phished<\/h2>\n\n\n\n
True Story: <\/strong>One afternoon, an accountant in an organization received an email from an individual claiming to have paid a late invoice. All the accountant needed to do to claim the payment was to click a link and provide their email credentials, which they did. Yep, they had gotten phished. And, once the attacker got their hands on those email credentials, they logged into the accountant\u2019s email and studied the organizations wire transfer approval process by searching through emails. The attacker then used previously sent invoices and forms to fabricate an approval email chain that the attacker then sent to the wire transfers department. Suffice to say, the attacker walked away with a lucrative sum of money. Read the full story here, page 16<\/a>.<\/p>\n\n\n\n
Moral of the Story:<\/strong><\/p>\n\n\n\n
- \n
- Email is a goldmine of information and at the center of authentication in any organization. Once those credentials are stolen, the sky\u2019s the limit for attackers.<\/li>\n\n\n\n
- Require\/use MFA wherever possible. If MFA had been required on email in the story above, this incident could have been prevented.<\/li>\n\n\n\n
- If you read the full story, you\u2019ll find out that the organization relied heavily on tools to block fishy URLs on the corporate network. However, the accountant was on their home network when they had received the phishing email, and consequently, out of reach from the URL blocking tools. If they aren\u2019t the main line of defense, your employees will be the last stand against an attacker. So, that\u2019s why employee education is just as important as security technology.<\/li>\n<\/ul>\n\n\n\n
Work Devices<\/h2>\n\n\n\n
Next, make sure to talk to your employees about how they can secure their work system. Inform them that they should only do company work on company machines. In other words, they should limit the amount of personal activity on their work device, and they should never access work on their personal device. The more you say it, the sooner they\u2019ll get it down.<\/p>\n\n\n
\n<\/figure><\/div>\n\n\nThey should know that full disk encryption<\/a> (FDE) and anti-virus software are required, and they should do their best to avoid losing their laptop. In the event that they do lose their laptop, make sure they know how to contact the security team and that they should do so right away in the event they lose their laptop. If there isn\u2019t a security team, let them know who to contact and how to contact them, whether that\u2019s an IT admin, your MSP, or another individual in your organization.<\/p>\n\n\n\n
Where possible, MFA should be enabled on their work system<\/a>. Additionally, you might want to let them know about the system policies<\/a> that are in place on their devices if you have set some, and that they should not try to subvert these security measures.<\/p>\n\n\n\n
The Office<\/h3>\n\n\n\n
Remind employees of the physical security that is in place in your office, like cameras. If your office requires a key or a FOB for entry, let them know that there should be no tailgating. We don\u2019t mean in the parking lot before the big game, but rather, a stranger sneaking in as the door closes.<\/p>\n\n\n
\n<\/figure><\/div>\n\n\nAlso, inform them that they should erase content on whiteboards when they\u2019re done. When they print sensitive information, let them know they should retrieve it immediately and be sure to shred it once they no longer need it.<\/p>\n\n\n\n
It\u2019s a good idea to set the tone for what to do about visitors, too. For example, when they notice a visitor, should they feel free to question them? Where can they direct visitors to wait? Having firm answers to these questions can help employees be proactive in case of an intruder.<\/p>\n\n\n\n
Leave No Stone Unturned<\/h2>\n\n\n\n
True Story: <\/strong>One particular organization had strong systems in place to offboard ex-employees from digital IT resources; however, they weren\u2019t always so prompt in deprovisioning building access credentials. Then one day, a disgruntled ex-employee used this security weakness to their advantage to exact revenge. Using their \u201cstill-yet-to-be-disabled building access card\u201d they entered the building, and then was able to gain entry into a room with an unlocked work system. They plugged a USB flash drive into the machine and had plans to steal and expose sensitive data. Luckily, forensic analysis alerted the company to the malicious activity, and they were able to put a stop to it before the ex-employee was successful. Read the full story here<\/a>.<\/p>\n\n\n\n
Moral of the Story:<\/strong><\/p>\n\n\n\n
- \n
- Not only is it important to immediately terminate a fired employee\u2019s network access, but their office access as well.<\/li>\n\n\n\n
- This story also demonstrates why it\u2019s important to enforce certain system policies like those that enforce screen lock and disable USB drives. They can help prevent malicious activity on work devices.<\/li>\n<\/ul>\n\n\n\n
Intellectual Property and Data<\/h3>\n\n\n\n
Security awareness training is also a good time to clarify your rules around intellectual property. Your employees should know what is considered company property, and what the rules are for storing it. Also, establish general rules regarding what they can or can\u2019t talk about with non-company personnel.<\/p>\n\n\n
\n<\/figure><\/div>\n\n\nAlong the same lines, you should consider going over how to secure data. Ideally you should have rules in place about where employees should and should not store sensitive company data.<\/p>\n\n\n\n
If your organization utilizes cloud productivity platforms like G Suite\u2122 or Office 365\u2122<\/a>, warn your employees to be mindful of who they grant permission to access these files and folders, and that it\u2019s best to share files and folders on an individual basis when possible. Also, advise employees to password protect data files where it makes sense, or to place those files in folders with strict access controls.<\/p>\n\n\n\n
Public WiFi<\/h3>\n\n\n\n
Speaking of public areas, let them know that they should avoid using public WiFi at all costs and only use it if they absolutely need to. While public WiFi can be extremely convenient, it can also be one of the easiest ways to compromise a set of credentials and a device. Lay out for your employees that they\u2019re essentially ceding control of their network traffic over to whoever has access to the router. Some great questions to run through before connecting to public WiFi are:<\/p>\n\n\n\n
- \n
- Do I trust the coffee shop I\u2019m at to also be experts in network security?<\/li>\n\n\n\n
- Do I trust that nobody has tampered with the router?<\/li>\n\n\n\n
- Do I trust that the router has been updated recently?<\/li>\n\n\n\n
- Would I have an intimate conversation with, say, my tax lawyer in a crowded coffee shop? If no, then it\u2019s probably not the best idea to conduct online banking over the WiFi either.<\/li>\n<\/ul>\n\n\n\n<\/figure><\/div>\n\n\n
It ultimately comes down to one\u2019s risk model and what you\u2019re comfortable exposing, but public WiFi fundamentally is an insecure method of communication. When in dire need for the internet, some alternative methods to public WiFi include using mobile data to do something on their phone or to create a mobile hotspot. For the times that\u2019s not an option and they need to take that risk, a VPN (virtual private network) can help mitigate some of that risk, but not all.<\/p>\n\n\n\n
Lastly, security training is a great time to also notify them of any company rules you have about company WiFi (e.g., if there\u2019s certain networks they should or shouldn\u2019t connect their phone to).<\/p>\n\n\n\n
A Night with The DarkHotel<\/h2>\n\n\n\n
True Story: <\/strong>In 2014, the world learned of an advanced hacking group called The DarkHotel. They have since moved on to other types of attacks, but they were initially known for taking over WiFi networks in popular hotels across southeast Asia. They typically targeted traveling businessmen staying at those hotel; their main method of attack was to deliver fake software updates for applications over the public WiFi to the person\u2019s device. If the target fell for it, the hacking group was able to steal work data from the device and use it to compromise the company the employee worked for. Read more here<\/a>.<\/p>\n\n\n\n
Moral of the Story:<\/strong><\/p>\n\n\n\n
- \n
- Whether it\u2019s for personal use or work, it\u2019s best to simply avoid using public WiFi altogether. You just don\u2019t know who\u2019s listening or what creative attacking methods could find you.<\/li>\n\n\n\n
- This story also shows the prudence of limiting who has access to what. Stolen data from a work laptop could be merely an annoyance, not a catastrophe, if the right access controls are in place.<\/li>\n<\/ul>\n\n\n\n
Browsers and Phones<\/h3>\n\n\n\n
Implore your users to leverage a secure browser like Chrome, to only use plugins that have a true business need, and to stick to websites that use HTTPS. However, it\u2019s a good idea to let them know that many phishing websites now use HTTPS, so they shouldn\u2019t solely rely on that lock icon to determine whether or not a website is safe. It never hurts to double check, for example, that they are in fact on google.com and not go0gle.com. Lastly, they should listen when their browser warns them about entering a website; this is often a sign that something is off.<\/p>\n\n\n
\n<\/figure><\/div>\n\n\nLet your employees know that they should protect their phone with a password or PIN, and they should have it set to be wiped after a certain number of incorrect attempts. After all, more than likely their personal email is on their phone, if not their work email as well, and they can end up losing everything if their phone is not secure.<\/p>\n\n\n\n
They should enable remote wipe in case they lose their phone, and they should also make sure to update their phone with the latest patches whenever they become available.<\/p>\n\n\n\n
Secure Interactions with the Public and Social Networking<\/h3>\n\n\n\n
Educate employees about secure practices when interacting with the public online. For example, they should always know who they\u2019re talking to. If someone initiates contact with them, they should never give out information in this situation. The initiator should already have all of the information they need, so it should be an immediate red flag if the initiator requests more. They will be targeted with these kinds of social engineering attacks, so a good rule of thumb to share with them is this: if someone needs an immediate answer, the answer is no. Lastly, to reiterate, make sure your employees know your policies related to sharing private information.<\/p>\n\n\n
\n<\/figure><\/div>\n\n\nWhen it comes to social networking, remind personnel to use good judgement and to watch out for malicious links. Alert them that they can expect to be targeted because of their connection with the company.<\/p>\n\n\n\n
The Odds are in Everybody\u2019s Favor<\/h2>\n\n\n\n
True Story: <\/strong>Some time ago, the IT Help Desk at an organization received a frantic call from a \u201csenior executive\u201d claiming they needed help remembering their username for their email. The IT Help Desk walked through the security challenge questions, the caller paused and answered hesitantly, they got the answer correct, and the caller was provided with the username. A couple days later, the IT Help Desk received another call from the same \u201csenior executive\u201d. The caller needed help installing a VPN client, and they provided the IT Help Desk with their name, title, and username. Since the caller provided the username, the IT Help Desk skipped the security questions, and went straight to helping the caller install the VPN client. At the end, the caller said they \u201cforgot\u201d their password. Unfortunately, the IT Help Desk was eager to help, so they reset the password for the caller, granting them full access to the senior executives email account. Read the full story here<\/a>.<\/p>\n\n\n\n
Moral of the Story:<\/strong><\/p>\n\n\n\n
- \n
- This is a great reminder that anybody can fall victim to a social engineering attack, so it\u2019s important to have security awareness training for all of your employees, whether they are technical or not. Everyone is a target because of their connection with your workplace, and it\u2019s important to regularly reinforce to all employees that it\u2019s essential that they personally uphold best practices for security every day.<\/li>\n\n\n\n
- This is another scenario where MFA could have made a big difference in preventing the attacker from gaining access to the senior executives email account.<\/li>\n<\/ul>\n\n\n\n
What to Do When There Is a Problem<\/h3>\n\n\n\n
Finally, a great way to end a security training session is by setting the expectation of what will happen should they make a mistake or encounter a problem and how to contact the security team when that occurs. It\u2019s important to ensure that your employees won\u2019t feel scared to admit they made a mistake.<\/p>\n\n\n\n
Ideas for How to Conduct Security Training<\/h2>\n\n\n
\n<\/figure><\/div>\n\n\nNow that you have an idea of what to cover in a security training session, how should you go about delivering a session? Below are a couple of ideas to get you started. However, it\u2019s crucial that security awareness training isn\u2019t merely a list of do\u2019s and don\u2019ts. It\u2019s important to take it a step further by providing context. For example, take one of the stories mentioned here and walk your employees through how security principles could have prevented the incident. Another way to provide context is to discuss the potential risks and consequences that could occur by making the decision to use public WiFi or to not lock a smartphone for instance. Whatever route you choose, it is key to provide context and help your employees understand how to apply their security education.<\/p>\n\n\n\n
In-person Meeting<\/h3>\n\n\n\n
One of the most effective options to deliver security training is to conduct an in-person meeting. If your company is small enough, you can likely have the training session with everyone at once. If your organization is on the larger side, consider conducting individual training sessions with each department. Even if your company is small, tailoring security training to individual departments is really effective. So, whether you\u2019re leveraging in-house resources or you\u2019re utilizing an MSP, consider going that route. You\u2019ll be able to make sure each department is equipped to handle the kinds of attacks they are likely to encounter in their day-to-day work life. If you would like a list of talking points to refer to as you give this training session, consider using this Employee Education Checklist<\/a>.<\/p>\n\n\n
\n<\/figure><\/div>\n\n\nSecurity Awareness Training Software<\/h3>\n\n\n\n
If you can afford it, another option is to utilize security awareness training software. This type of software helps organizations create an effective security awareness training program, and they often include features like online training modules, phishing simulations, knowledge assessments, and more.<\/p>\n\n\n\n
Recorded Video with a Mandatory Quiz<\/h3>\n\n\n\n
One last option is to record a video of a security training presentation. It doesn\u2019t have to be super fancy; something simple like a PowerPoint presentation with a voice-over can do the trick. To ensure your employees watch it and comprehend it, consider embedding the video into an online survey tool like Google Forms or Survey Monkey and including a mandatory quiz.<\/p>\n\n\n
\n<\/figure><\/div>\n\n\nFor inspiration on how to create the video, consider watching this webinar<\/a> we recorded on security training.<\/p>\n\n\n\n
Going Beyond Security Awareness Training<\/h2>\n\n\n\n
Security awareness training can be instrumental in strengthening your security posture, but that doesn\u2019t mean you should rely on training alone to fortify your IT environment. A strategic start begins with implementing the right identity and access management solution. If your startup is cloud-forward and utilizes a heterogeneous mix of IT resources, JumpCloud\u00ae<\/sup>\u00a0Directory-as-a-Service\u00ae<\/sup>\u00a0could be the solution you need to secure user access to virtually all of your IT resources. Not only does JumpCloud\u00a0centralize user and system management<\/a>, but it empowers you with security features like Password Complexity Management, MFA, policies, and more. If you would like to learn more about JumpCloud or one of our security features, consider\u00a0dropping us a note<\/a>\u00a0or\u00a0trying a demo or guided simulation<\/a>.<\/p>\n\n\n
\n<\/figure><\/div>\n\n\n\nTry JumpCloud Today<\/a>\n\n\n\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.<\/p>\n","protected":false},"author":55,"featured_media":27515,"template":"","categories":[2337],"collection":[2775],"wheel_hubs":[],"platform":[],"resource_type":[2310],"funnel_stage":[],"coauthors":[2513],"acf":[],"yoast_head":"\n
Security Training 101: Employee Education Essentials - JumpCloud<\/title>\n<meta name=\"description\" content=\"Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Training 101: Employee Education Essentials\" \/>\n<meta property=\"og:description\" content=\"JumpCloud\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-14T15:54:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"18 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Natalie Bluhm\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\",\"url\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\",\"name\":\"Security Training 101: Employee Education Essentials - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png\",\"datePublished\":\"2019-01-29T20:43:37+00:00\",\"dateModified\":\"2024-08-14T15:54:54+00:00\",\"description\":\"Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png\",\"width\":1400,\"height\":1000,\"caption\":\"2 factor authentication\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Resources\",\"item\":\"https:\/\/jumpcloud.com\/resources\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security Training 101: Employee Education Essentials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Security Training 101: Employee Education Essentials - JumpCloud","description":"Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","og_locale":"en_US","og_type":"article","og_title":"Security Training 101: Employee Education Essentials","og_description":"JumpCloud","og_url":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","og_site_name":"JumpCloud","article_modified_time":"2024-08-14T15:54:54+00:00","og_image":[{"width":1400,"height":1000,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"18 minutes","Written by":"Natalie Bluhm"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","url":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials","name":"Security Training 101: Employee Education Essentials - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png","datePublished":"2019-01-29T20:43:37+00:00","dateModified":"2024-08-14T15:54:54+00:00","description":"Security training is crucial for all workplaces, so we put together this security training guide that will cover basic employee education essentials.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/security101.png","width":1400,"height":1000,"caption":"2 factor authentication"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/resources\/security-training-employee-education-essentials#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Resources","item":"https:\/\/jumpcloud.com\/resources"},{"@type":"ListItem","position":3,"name":"Security Training 101: Employee Education Essentials"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource\/27541"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/55"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/27515"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=27541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=27541"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=27541"},{"taxonomy":"wheel_hubs","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/wheel_hubs?post=27541"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=27541"},{"taxonomy":"resource_type","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource_type?post=27541"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=27541"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=27541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}