Howdy, if you are new to the series start here. If you are caught up, welcome back! Today we are talking about an incredibly important security topic for small business: Security Awareness. It is probably the single biggest bang for the buck in terms of real risk reduction.

Security Awareness Training…training can be a boring topic…hence the cool plane above :). But what makes small business leaders successful is that we don’t shy away from boring if it is what the team needs. In this case the answer is training. There are some very good platforms for providing this training at a very affordable monthly price, and I’m happy to recommend my favorite if you message me. This training should include the following features that are useful for small business:
- Regular, short training videos that don’t berate your employees and don’t make them want to fall asleep. These videos should preferably feature humans, not cartoons, and should be automatically delivered to your employees. The platform should give you some ability to validate that your employees have completed their training.
- Simulated phishing exercises that are done for you as part of the monthly service cost. In this service the company should emulate a criminal and try to trick your employees into clicking on “evil” but safe training links or entering their passwords into “evil” but safe training websites designed to trick them. Preferably this should deliver training to your employees immediately at the “point of click” when they mess up. This training should aim to uplift and instruct…never berate or put down.

Such ongoing training is critical, as the most popular type of cybercrime (according to the FBI) is email-based fraud. This ranges from scams like the classic “Nigerian Prince” to much more sophisticated attacks like one suffered by somebody close to me recently. The email system of one of their vendors was compromised, and the criminals used that vendor’s email to send malware to all of that vendor’s customers. The victims had very little reason to suspect anything bad coming from their “trusted” vendor partner…but in the email were telltale signs that security training could have helped the employees to recognize, prompting them to take the extra step of picking up the phone to validate.

As always, if you have any questions please connect with me and I’d be happy to discuss. Happy Hunting!