3 min read

What is Security Awareness Training?

What is Security Awareness Training?
What is Security Awareness Training?
5:37

92% of all breaches could have been prevented with a Security Awareness Training program.

 

Security Awareness Training is a means to educate and train employees within your organization with information necessary to protect themselves as well as your organization from cyber criminals through phishing attacks, account takeovers, wire transfers, and more.

 

 

Security Awareness Training: What it is and Why it's Important?

 

Employees must understand that the bad guys are out there trying to trick them into gaining access to your critical information. The point of security awareness training is to educate employees on what is considered risky, what clues to look for that indicate a threat, and how to respond.

 

Additionally, cyber threats are continually changing. Hackers can take over your organization’s network, hack into bank accounts, pose as a trusted source with a dummy account, infect your network with Ransomware and hold your data hostage, and so much more.

Security Awareness Training Statistics 

Staying Compliant with Security Awareness Training

 

If your organization must comply with industry regulations such as HIPAA (Health Insurance Portability and Accountability Act of 1996), PCI (Payment Card Initiative), NIST, GBLA or ISO, having a security awareness training program in place is critical.

 

HIPAA Journal States: According to Security Rule, HIPAA training is required “periodically”. Many businesses interpret “periodically” as annually, which is not necessarily accurate or effective.

 

Gramm-Leach-Bliley Act (GLBA)  “Train staff to recognize and respond to schemes to commit fraud or identity theft, such as guarding against pretext calling"

 

Cybercrime is moving at light speed. A few years ago, cybercriminals used to specialize in identity theft, but now they take over your organization’s network, hack into your bank accounts, and steal tens or hundreds of thousands of dollars. Organizations of every size and type are at risk. Are you the next cyber-heist victim? You really need a strong human firewall as your last line of defense.

 

 

See a Social Engineering hack live in action by watching the above video.

 

Rather than a one-time event, security awareness training is most useful when used as an ongoing practice in the framework of a bigger security awareness program.

 

What Types of Issues Should Security Awareness Training Cover?

 

  1. What is Malware?

    Short for malicious software, this covers many threats such as ransomware, viruses, adware, spyware, and more. Employees should learn how to identify malware and what to do if their device or network has been infected. The immediate response should be to turn off the system or device and inform management.

     

  2. Email Phishing

    Malware typically enters networks through a phishing email with a request to click a link or download a file. It's critical for employees to know the signs of a phishing email and what to do about it. Phishing simulations utilize a phishing template from a recognizable source such as LinkedIn, to test employee awareness.

     

  3. Social Engineering

    Social engineering scams are designed to take advantage of human behavior via multiple outlets. The most common type of social engineering is a phishing email. Additional platforms include text messaging (SMSishing), phone or voicemail phishing (vishing), and social media phishing.

     

  4. Safe Use of Social Media

    Employees should know actions they can take for both work and personal to stay secure while sharing.

     

  5. Safe Internet Habits

    Do not click on suspicious links. Refrain from installing software programs from unknown sources. Only access sites that are https - the s is for secure.

     

  6. Removable Media

    Ever found a removable thumb drive or external hard drive and plugged it into your computer to see who it belongs to? What if that was planted in the parking lot at your office specifically for that reason, and it contains malware that takes over your computer or worse.

     

  7. Password Security

    Complex passwords or passphrases are much harder to crack. Enable multi-factor authentication (MFA) as an extra layer of security. Set a cycle for password changes, requiring employees to change their passwords every 3 months.

     

  8. Clean Desk Policy

    Anything sensitive or confidential should be removed from your desk and placed in a locked desk drawer or file cabinet.

     

  9. Mobile Computing

    Working from home or on the go can pose risks as well. Public Wi-Fi should always be avoided.

     

  10. Software Patching

    Perform regular updates to ensure your software is patched.

     

Social Engineering Red Flags

Image courtesy of KnowBe4

 

Although these are some of the things you can learn about, the overall objective is to build a culture around cyber security awareness.  There's a lot to this for businesses to consider. 

 

Security is everyone's responsibility. Even seemingly harmless behaviors or small mistakes can have big consequences. Security awareness training helps get everyone on the same page, reduces risks and incidents, and helps the entire workforce protect their organization and themselves.

 


New call-to-action

Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:

  • Tri-Cities, Washington 509.396.6640
  • Yakima, Washington 509.396.6640
  • Bend, Oregon 541.848.6072
  • Seattle, Washington 206.743.0981

Questions about your IT or Cybersecurity? Give us a call today!

Outdated Technology is Draining Your Organization’s Budget

Outdated Technology is Draining Your Organization’s Budget

Is your business losing money due to outdated technology? Chances are, the answer is yes. A recent survey by Deloitte found that 82% of companies...

Read More
Planning for Windows 10 End of Support: What You Need to Know

Planning for Windows 10 End of Support: What You Need to Know

As October 14, 2025, approaches, businesses need to prepare for the end of support for Windows 10. Microsoft has announced that after this date, they...

Read More
Lessons from the CrowdStrike Outage: What Your Business Needs to Know

Lessons from the CrowdStrike Outage: What Your Business Needs to Know

Imagine the sudden chaos when 8.5 million Windows devices - spanning industries like airlines, banking, and healthcare - began displaying the dreaded...

Read More