
Cyber Security Awareness Training - How It Works

by DriveLock

More and more new malware variants and so-called fileless attack vectors threaten corporate networks. The AV-TEST Institute registers more than 450,000 new malware and potentially unwanted applications (PUA) every day. In 2021, it registered more than 1312 million malware variants, an average of more than 10 million new variants per month. 
Software vulnerabilities are being exploited in a targeted manner - check our blog post about the Log4j hack. So, it is only logical to upgrade technical controls and defense mechanisms as much as possible to prevent the execution of malware, scan software versions for vulnerabilities, enable multi-level authentication, etc.

However, it would be too simplistic to see cyber defense purely as a technical challenge - people's actions play a significant role. The cause of security incidents is almost always human error. Large and complex systems are vulnerable to mistakes made by inexperienced or untrained staff, as well as to the activities of malicious insiders.

Security awareness training - make it last!

In companies, information security awareness training for all employees (including executives!) can help to build security awareness. It is also important that these trainings are not stand-alone, one-off special measures that serve only to fulfill recommendations and standards. After all, 81 percent of companies invested in awareness measures before and during the pandemic.

Let's look at an analogy from our early learning phases: Before we are allowed to drive a car, we have to pass a driving test. But we can only drive safely on the road after sufficient driving practice, i.e. through constant repetition. One-off training is not enough. Applied to cyber security: We need warnings and repetition to build up security awareness. These 'pulses' should be timed to coincide with security-related activities, which could have precarious consequences if we are not highly focused. Ideally, IT security training is supported by or integrated into the IT security solution used.

Although human error can never be completely ruled out, well-planned cyber security awareness training helps to reduce the risk to an acceptable level. To raise awareness in the long term, it is essential to integrate a program of awareness-raising and training into everyday work.

Security awareness training for employees educates users on what they can do to detect malicious activity and how to act in the event of such activity. Security awareness training is an important layer of security added to existing 'technical' security controls.

 

What should be included in cyber security awareness training?

  • The correct handling of USB devices, which are a common source of virus or malware infections and may be infected without the user knowing.
  • Identifying various forms of social engineering, such as an email or website that pretends to come from a sender we are familiar with (e.g. bank, payment service provider, tax office).
  • Recognizing suspicious phishing emails.
  • Dealing with sensitive information.

The goal of these cyber security awareness trainings is multi-layered:

  1. In addition to increasing security awareness, legal requirements are met in the process.
  2. The focus should be on changing behavior.

Figure: Security Awareness Training from DriveLock - Phishing

Occasion-related and target group-oriented learning

The DriveLock Security Education module serves to increase the security awareness of your company's employees. Through continuous and event-related learning in security-relevant situations, they are made aware of possible dangers. 

Employees can receive targeted information on the correct behavior and necessary security measures during certain activities, such as inserting a USB stick or connecting to a Bluetooth device.

When an application is started, DriveLock can check whether it is a secure application and play a short campaign with security instructions.

In the event of an acute security incident, you can publish appropriate behavioral measures ad hoc across the company to minimise impact and costs.

Figure: Security Awareness Training from DriveLock

You can set up DriveLock Security Awareness campaigns flexibly according to your requirements (group of people, time, media format of the training) to ensure target group-oriented and effective communication. And we have tests at the end of each section, which allow you to review your employees' learning success.

You can find out more in our Security Education solution module.

In our next article, you will learn why security awareness must focus on the end user.


Photos: iStock, DriveLock Security Education module

