What to include in a cybersecurity training?
With most of our jobs and functions moving to online settings, it is always daunting for employers to make all their information available on the web, especially if this information is highly confidential.
Just as we have witnessed at Pathways, many companies are turning to companies like ours to create training and help them educate their employees on things they should and shouldn’t do to protect their information (not just corporate information, but also personal information).
But what should be included in the training? Well, it really depends on the company, what type of data is used, and the type of employees they want to train. However, there are things that can be taught across the board to all employees. I believe these are the most common topics:
How to create secure passwords and safely store them
When and where to connect to the company’s servers
How to identify phishing attacks
When to report suspicious activity to the IT department
How to securely share files
How to identify suspicious activity within the company
When and where to open devices external to the company (e.g. 3rd party devices, personal devices, etc.)
In general, this type of training should go hand in hand with the company’s policies, given that each environment has specifics that are stipulated in the policy document.
Is there a need to get technical? Again, it really depends on the target audience, since there are different levels of protection that encompass the cybersecurity environment of a company.
In any case, there is one thing that could be helpful: helping employees understand how the mind of a cybercriminal works, what their intended target is, and what actions they can take. That way, it’s easier for employees to react to situations that might look suspicious.