20min

Security Awareness

﻿
Elements of a Good Security Awareness Program
The outcomes of a good security awareness program are:
Increase the security culture of a company
Educate and train users on security best practices such as:Phishing Prevention and Actions
Data classification and handling
Security at your organizationThe security team
Where to go for security guides and information at your organization
How to report an incident or who to ask questions about security
Measure the security awareness of an organization (Optional - Read this first)
Ensure users have acknowledged and read the organization's security policies for compliance reasons
Security Awareness Training Software
Security awareness training software will typically serve two purposes:
Provide you access to content (videos, quizzes, posters/PDF's, etc)
Lightweight Learning Management System (LMS)
Note: If your company already has an LMS (usually People Ops or HR), they may prefer to use that platform vs having users go to another platform. 
﻿
Example Campaign
Security Awareness training should be viewed as a marketing campaign. The product you are marketing is good security practices.
As with any marketing campaign where you want to increase conversion, you will want multiple touch points vs just one large touchpoint.
Here is an example program:
Initial training 
Sample Email For Smishing / Phishing Protection
﻿
This email is from the CEO, in response to CEO fraud smishing and phishing attacks.
Hello Team,
We have been seeing an increased number of smishing (fake texts) and phishing (fake emails) impersonating me and asking you to take an action. Rest assured, I would not text or email you directly for urgent matters, but would work with the management team via our normal channels (Slack, Gmail) for example.
Please ignore these messages. Additionally, please use the appropriate feature of your provider to indicate the message is spam. 
Below are examples:
Reporting spam on iPhone:﻿https://support.apple.com/guide/iphone/block-filter-and-report-messages-iph203ab0be4/ios﻿
Reporting spam on Android:﻿https://support.google.com/messages/answer/9061432?hl=en﻿
Reporting phishing on Gmail:﻿https://gsuitetips.com/tips/gmail/reporting-phishing-emails/﻿
If you have any questions, please contact IT or send an email to security@acme.com
Thank you,
Bruce Wayne
CEO
﻿
security-news Channel In Slack
If you have a slack workspace, we encourage creating a public security-news channel for people to see more about security happenings. 
To  add a channel, use the /rss subscribe <feed url> command

﻿
Vendors
Below is a list of vendors that offer security awareness training solutions.
Wizer Security
KnowBe4
﻿