
Security Awareness



Elements of a Good Security Awareness Program

The outcomes of a good security awareness program are:

  • Increase the security culture of a company
  • Educate and train users on security best practices such as:
    • Phishing Prevention and Actions
    • Data classification and handling
    • Security at your organization
      • The security team
      • Where to go for security guides and information at your organization
      • How to report an incident or who to ask questions about security
  • Measure the security awareness of an organization (Optional - Read this first)
  • Ensure users have acknowledged and read the organization's security policies for compliance reasons

Security Awareness Training Software

Security awareness training software will typically serve two purposes:

  1. Provide you with access to content (videos, quizzes, posters/PDFs, etc.)
  2. Act as a lightweight Learning Management System (LMS)

Note: If your company already has an LMS (usually owned by People Ops or HR), they may prefer to use that platform rather than having users go to another platform.



Example Campaign

Security awareness training should be viewed as a marketing campaign. The product you are marketing is good security practices.

As with any marketing campaign where you want to increase conversion, you will want multiple touchpoints rather than just one large touchpoint.

Here is an example program:

  • Initial training

Sample Email For Smishing / Phishing Protection



This email is from the CEO, in response to CEO fraud smishing and phishing attacks.

Hello Team,

We have been seeing an increased number of smishing (fake texts) and phishing (fake emails) messages impersonating me and asking you to take an action. Rest assured, I would not text or email you directly for urgent matters, but would work with the management team via our normal channels (Slack and Gmail, for example).

Please ignore these messages. Additionally, please use the appropriate feature of your provider to indicate the message is spam.

Below are examples:

If you have any questions, please contact IT or send an email to security@acme.com.

Thank you,

Bruce Wayne

CEO



security-news Channel In Slack

If you have a Slack workspace, we encourage creating a public security-news channel where people can see more about security happenings.

To add a feed to the channel, use the /rss subscribe <feed url> command.



Vendors

Below is a list of vendors that offer security awareness training solutions.

  • Wizer Security
  • KnowBe4