New IT Security Awareness Learning Library Designed to Help Workers Become Frontline Cyber Defenders for Their Employers

Taking advantage of a user’s poor security practices is often a critical first step for malicious hackers or other cybercriminals seeking to compromise an organization’s systems and data. More than 80 percent of hacking-related breaches leveraged stolen or weak passwords, according to research for the 2017 Data Breach Investigations Report from Verizon. The report also says that about one in 14 users were duped by a phishing campaign that led them to click on a link or open an attachment that was malicious.

The number of recent and massive data breaches only highlights the critical importance of turning workers into effective frontline cyber defenders for their organizations. Employee training, as a complement to strong technical security controls such as anti-virus, anti-spyware and web filtering technology, can go a long way toward improving an organization’s overall security posture.

However, many businesses fall short when it comes to training their teams. Even companies with high board engagement in cybersecurity can struggle to get messages through to their workers: Our research shows that less than half of these organizations (48 percent) do an excellent job of communicating to employees the need to differentiate between public and sensitive data, and how to handle each type.

Companies often fail to invest adequate resources into developing a formal security awareness program that includes effective educational tools. There is often over-reliance on the IT team to keep the workforce up to date on cyber threats and security best practices. While IT is a logical resource for providing security training, few departments have the time or staff to do this well — or continuously. Also, IT personnel may not be the most effective teachers for employees who are not tech-savvy.

Security Training Based on Real Life

To help workers build foundational knowledge about security risks and best practices, learn that information at a comfortable pace and retain it, and understand their critical role as frontline cyber defenders, businesses need access to training resources that will engage their employees.

With that in mind, Protiviti’s Training and Communication Solutions team, in close collaboration with our Technology Consulting Group, has developed an IT Security Awareness Training Library for businesses to equip their employees with information that will help them keep data and devices secure. The library is the result of years-worth of observations from the practice field, where we have seen patterns of weaknesses and ways that cyber training can be improved.

The three- to five-minute interactive learning modules in our “Security Awareness Series” are designed to provide fast, effective and mobile-friendly training for employees, and to appeal to a broad audience. The video-based modules cover a range of timely information security topics such as:

  • Data security
  • Data privacy
  • Password control policy
  • Social networking
  • Portable device security
  • Spear phishing
  • Ransomware
  • Encryption

We know firsthand from conversations with our clients — and from the news headlines — that the need for effective security training for employees is getting more critical by the day. Workers cannot help to protect the organization’s “crown jewels” if they don’t understand the risks, and how to avoid or respond to them. By making our field experience available to the public in the form of this training library, we hope to be part of solving that problem — and helping businesses become more cyber resilient.

Jon Williams, Director in Protiviti’s Training and Communications Practice, contributed to this content.

Cal Slemp

Managing Director
IT Security and Privacy Practice Leader

Richard Childs

Managing Director
Consumer Products and Services Industry Leader

Subscribe to Topics

As businesses compete for #quantum compute time, things can get complicated. @Strangeworks provides shorter queue times and cost and access control for customers. Join @KonstantHacker as he chats on this with Cesar Rodriguez from @Strangeworks.

Read this #SAP Blog to learn five considerations that have improved #ROI for our clients, highlight new ways of working and the art of the possible in the organization’s future #S4HANA system compared to ECC 6.x systems.

#ProtivitiTech #analytics #cloud

The intersection of #5G and #edgecomputing technologies will reinvent industries, change the way #security is implemented and revolutionize business operations. Learn in #Technology Insights why 5G and edge computing impacts approaches to security:

Digitally transforming business with #Dynamics365 CE provides organizations with easy configuration and #integration with other #Microsoft products, fewer post-deployment issues and can be accessed anywhere. Read more in the #Technology Insights blog:

In Protiviti's #cybersecurity #webinar series, learn insights from the effectiveness of crisis management response in #ransomware attacks to articulating core concepts of #zerotrust and the toolsets needed to architect zero trust. Explore sessions here:

Load More...