Perform security awareness training and testing
You’re only as strong as your weakest link, and when it comes to security, that link is your employees. Any one of them could open an email and interact with a phishing link, compromising your business systems and locking you out of them. And with more employees working from home due to the pandemic, cyberthreats have only increased in number.
Regular security awareness training is essential to keeping employees updated and educated on security threats and all the ways cybercriminals will try to infiltrate your systems.
Next steps
• Create a security awareness training plan and stick to it: Best practices include selecting a newsletter, such as WipfliSecurity Weekly, that you can send out to users on a weekly basis. This helps keep security and awareness on your employees’ minds more often.
• Conduct longer training quarterly: Ensure that the training is updated, aligns with current events and is meaningful, and that all employees are required to take it.
• Conduct monthly phishing campaigns: Make these test phishing emails as difficult as possible, so users start to identify what a potential phishing email may look like and are less likely to be fooled by real phishing emails.
SOURCE: WIPFLI