October is National Cybersecurity Awareness month

October is National Cybersecurity Awareness month and cyber security company eSentire has shared some tips and best practices on a variety of topics with us. This week’s focus is phishing attacks and the importance of security awareness training.

According to eSentire, phishing continues to be a popular attack vector. The company’s most recent threat report noted an uptick in lures mimicking shipping and eFax services observed in Q2 2018. Industries that experienced the largest amount of confirmed phishing attacks in Q2 2018 included construction, education, and marketing – likely due to frequent use of DocuSign in handling digital invoices and quotes due to remotely based business relationships and employees. Healthcare also experienced a larger diversity of phishing lures, but no one lure dominated. This is likely because healthcare providers interact with diverse groups, such as employees, other healthcare providers, managed service providers, and patients, so they are apt to use more varied technology making it easier to see different lures as familiar.

Phishing emails have grown increasingly sophisticated, designed to look like emails with legitimate professional branding. Employees need to learn to be wary of emails requesting user account credentials or personal details – and to confirm with their IT departments if they see something that doesn’t seem right (spelling mistakes, an odd return email address, other indicators, etc.)

Eldon Sprickerhoff, founder and chief innovation officer at eSentire says: “Knowing how to identify a phishing email is extremely important, but it is the just the beginning. Security awareness training highlights several different tactics used by cyber-criminals and describes how to defend against them. Training is important to any individual that has access to company data, so for most companies, that means everyone. Keep in mind though, those in HR and finance are particularly targeted as they have access to financial and employee information.

It’s important to remember that employee education will reduce the risk of a cyber-breach; however, it won’t stop criminals from trying. Learning these signs and triggers is something that can become muscle memory through regular cybersecurity training – it’s up to every organization to mandate and maintain a regular cadence around awareness training. Providing ongoing education and training to employees is the best way to protect your business in the fight against cyber-crime.”

Below are some additional tips from eSentire for employee security awareness training:

Cybersecurity training for employees should be mandatory—not just as part of new-employee orientation, but as an ongoing practice. It’s important that training is offered in a way that is engaging and memorable, so your employees will retain the information. And of course, policies must be in place to ensure employees take this training seriously.
While online training is the more modern approach, there is sometimes still a place for in-person training. In-person training allows for direct interaction with instructors, which can be more engaging for some people. The content can also be customized more easily depending on the needs of the employees. Unfortunately, this method is often more expensive and is usually offered as a “one-time thing.”
On the other hand, online training allows for consistency of messaging while being cost-effective and easily duplicable. However, with online courses, employers may need to seek out a training program that is more than a “one-time thing”. Solitary, online training can sometimes be unmotivating, so it’s important the training program is engaging, and its completion is enforced.
The solution: merge proven brain science with cybersecurity curriculum. One of the most important advances in employee knowledge approaches is something called microlearning—a technique that will totally change the face of cybersecurity awareness training because it moves the needle beyond reach to focus on improving knowledge, sustaining it and enabling employees to apply it in the real-world. Microlearning is a technique of delivering learning content in short, bite-sized bursts (from three to five minutes), several times per week, or even daily. When microlearning is delivered in a consistent, ongoing way, you can drive continuous learning, build up knowledge over time, and produce real behaviour change that’s capable of creating an embedded human layer of security protection across every part of the business. Microlearning addresses the problems associated with traditional SAT and is evolving the industry to think well beyond compliance. It’s being used at some of the world’s largest companies like Toyota and Walmart to solve the numerous challenges when knowledge-building in a corporate setting.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

PlusVision brings Deep Neural Network AI Perception to Next-Generation Vehicles

Ringway Jacobs Resurfaces Highway in World-First Gipave Trial

Intel announces Sustainable AI with World’s Largest Neuromorphic System

Revolutionizing Robotics with the Boston Dynamics Electric Atlas

Dynamic Spreading to optimizing Road Safety, Sustainability and Savings

Extracting Lithium from Mining Sites, Oil Fields and Used Batteries

FIRSTGREEN announces the ROCKEAT Electric Skid Steer Loader

Port of Long Beach selects Iteris for Multimodal Transportation Study

How Cutting-Edge Technology will Revolutionize Car Rental

Smart Construction to champion Digitalisation at Intermat 2024 with Edge 2

XCMG announces new premium G2 Crane Brand

Green Li-ion Plant to Recycle Lithium-Ion Engineered Battery Materials

Voltpost debuts Lamppost design for Electric Vehicle Charging

Bentley Systems and Worldsensing to integrate Topcon GNSS Technology

5 Common Safety Issues in Warehouses and How to Solve Them

Wirtgen to present Smarter. Safer. More Sustainable solutions at Hillhead

Arbitrage Trading to Unlock Project Financing for Construction Projects

uvex to feature #PPEthatfits at The Health & Safety Event 2024

Heavy Traffic rerouted using Acrow Steel Bridge during New Jersey Project

New Rhino Hyde Liners offered by Haver & Boecker Niagara

October is National Cybersecurity Awareness month

October is National Cybersecurity Awareness month

About The Author

Related posts