Theres an old saying that If you create a system that any idiot can use, then only idiots will find it useful. And while many companies and organizations may feel compelled to dumb down their training and awareness programs to foster safe computing practices online that can help to avoid fraud, theft, and loss, they must remember that they do so at their own peril. Well-informed users will also be well-equipped to recognize phishing scams and other forms of social engineering that they will inevitably encounter in their inboxes, on Web sites, in social networking venues, and even in Twitter feeds.
Employers will benefit their users if they regularly publicize current scams that might target their workers. These can take the form of e-mail bulletins, employee newsletter articles, podcasts, or other types of messaging to warn users about phishing scams (with examples, if at all possible), drive-by downloads, the inadvisability of opening unexpected e-mail attachments, and provide them with basic, no-nonsense information about when and how to divulge sensitive information of any kind, including account and password data, credit card or account numbers, and other information that might lead to identity theft or direct financial losses.
Internet security awareness is no set it and forget it phenomenon. Its an ongoing process that begins with basic education and illustrations along with explanations of the risks, exposures and potential losses involved. But this process must also continue over time with regular ongoing reminders about current threats, attacks, and risks, and information about how to avoid trouble whenever possible, but also how to deal with trouble when it comes knocking at the door. Thats why Internet Security Awareness Training is best administered as part of a regular program of employee education and development.
Stu Sjouwerman
Employers will benefit their users if they regularly publicize current scams that might target their workers. These can take the form of e-mail bulletins, employee newsletter articles, podcasts, or other types of messaging to warn users about phishing scams (with examples, if at all possible), drive-by downloads, the inadvisability of opening unexpected e-mail attachments, and provide them with basic, no-nonsense information about when and how to divulge sensitive information of any kind, including account and password data, credit card or account numbers, and other information that might lead to identity theft or direct financial losses.
Internet security awareness is no set it and forget it phenomenon. Its an ongoing process that begins with basic education and illustrations along with explanations of the risks, exposures and potential losses involved. But this process must also continue over time with regular ongoing reminders about current threats, attacks, and risks, and information about how to avoid trouble whenever possible, but also how to deal with trouble when it comes knocking at the door. Thats why Internet Security Awareness Training is best administered as part of a regular program of employee education and development.
Stu Sjouwerman
