Intelligent CIO APAC Issue 11 | Page 55

FEATURE: TRAINING
In fact, research conducted during the pandemic detailing online behaviors and click habits found that in Australia and New Zealand, one in five people reported receiving phishing emails specifically related to COVID-19. 76% of respondents also admitted to opening emails from unknown senders, with over half (59%) blaming it on the fact that phishing emails look more realistic than ever.
Nick Emanuel, Senior Director of Product, Webroot and Carbonite
It takes time to reach a healthy level of cyberawareness, but getting started has been made much simpler by awareness training toolsets or programs. The effects are cumulative and can be measured from day one.
Building suspicion into day-to-day online business routines, as well as simple steps such as using unique and strong passwords for all logins, disabling macros in documents and removing admin access from devices, can keep end-users safe from a range of common threats. Efforts in building the right employee awareness and behavior should be spearheaded by the CIO and CISO, and senior leadership needs to buy in to encourage lasting change. Employees should receive routine updates on cyber-resilience initiatives and progress to communicate priority and importance to the greater organization.
Education and awareness are everything
Simply put, if employees are not educated about cyberthreats, they can't be expected to completely defend against them, which is why many businesses are now turning to training and education services specifically geared toward helping employees improve their cybersecurity postures.
Cybersecurity awareness training varies in length and curriculum, but elements can include phishing simulations, courses on security best practices and data protection, and compliance training for important regulations like the Privacy Act 1988 (Cth), Privacy Act 2020, GDPR, HIPAA, CCPA, etc.
Training is of course important at onboarding, but regular ongoing simulations, engaging content and gamification will create and sustain true culture. To reinforce a cyber-resilient culture, IT leaders should report on successes (like number of attacks blocked) and communicate the latest risks/threats and tips to staff about cybersecurity trends and best practices through internal newsletters, emails and remote check-ins.
Business leaders should incorporate reminders and updates about cybersecurity into team meetings and other important company updates to underscore the importance and purpose of investing in cyber-resilience.
By leading the implementation of appropriate practices and considerations into company culture, CIOs, CISOs and their peers have the power to reduce the risks posed by cyber-criminals by significant margins.
By ensuring staff understand they play a critical role in ensuring security, companies are empowered to protect data and operations and ultimately uphold the trust placed in them by customers, employees and stakeholders.
