Fool Me Once, Give Me Malware

Don’t let Shirley in Accounting download malware disguised as a cute cat video. Learn best practices for cultivating user security awareness today.

Seventy-seven percent of successful social engineering attacks originate from a phishing email.

All of the iron-clad policies, firewalls, and patches won’t protect an organization from malicious threats if the people working there don’t understand the consequences of opening emails, links, and attachments from untrusted sources.

People are forgetful and curious, which is basically the bane of proper IT security. Because of this, one-time seminars and inconsistent reminder emails are insufficient to help them become security champions. The organization must commit to creating a culture of security awareness, which heavily relies on staff buy-in and C-level enforcement.

Direction must come from the top.

Security is everyone’s responsibility, and if that message is embraced at the C-level, it will resonate throughout the enterprise. Executives must be held accountable for completing security awareness training in full and must take part in reward and disciplinary functions to reinforce the importance of creating a culture of awareness.

Consistency, thoroughness, and reinforcement are key.

The success of a security awareness program is measured by the positive habits it helps to form in employees. The goal is to shape behaviors that become second nature. Send weekly newsletters with interesting facts or highlight an employee’s success in thwarting an attack. Create dynamic, interactive content that builds on employee knowledge.

The bottom line…

There is no deadline for an effective security awareness program. It’s an organic process that takes time and persistence. At Securance, we offer social engineering assessments, such as email phishing, phone pretexting, baiting, and tailgating, to reveal weaknesses in security awareness and physical controls. We document any flaws we identify and provide actionable recommendations for remediation, so our clients’ employees become a strong line of defense against security breaches.

For a real-life example of a successful user security awareness program and critical guidance on how to develop a program of your own, download our white paper: Unscammable: The Guide to Fostering a Culture of Security Awareness.