Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
How Security Teams Can Reinforce End-User Awareness
Training programs provide the information, but security teams can reinforce these for better end-user education.
4 Min Read
Source: Yee Xin Tan via Alamy Stock Photo
Cybersecurity awareness programs typically fail to provide end users with meaningful experiences that help them truly learn better practices. Employees often find the technical controls barriers to their daily work routines, thus creating resistance and frustrating security practitioners. But when security teams explain to employees how their work reinforces cyber-awareness training, they help build meaningful educational experiences rooted in best practices.
Here are a few examples.
Understand User Behavior
While employees may know best practices, they may not have insight into how their activities can affect the organization's security posture.
Generally, awareness training will teach end users about avoiding risky behaviors through:
Password protection: Strong password best practices, sharing risks, storing options
Multifactor authorization (MFA): Definitions, importance, usage best practices
Identification of sensitive information: Names, birth dates, addresses, Social Security numbers, emails
Safe data sharing: Sharing with a link, setting access in shared drives, downloading information
Whether accidentally or maliciously, employees sometimes deviate from best practices. Further, organizations often have trouble limiting access according to the principle of least privilege. Users moving from one department to another often take their historic access with them.
Security teams can support best practices by explaining how they set user behavior baselines and gain visibility into anomalous behavior by:
Forcing character requirements
Disallowing reuse of recent passwords
Monitoring for failed logins
Reviewing user access to systems and applications that store, process, or transmit sensitive data
Setting alerts for out-of-band attributes like anomalous IP addresses, geographic locations, or times of day
Focus on Ransomware
With the increase in ransomware attacks, organizations need to focus on them as part of a strong security awareness program.
A company's security awareness program most likely focuses on teaching employees how to spot phishing attacks. Often, these trainings include:
Suspicious email detection: Fake email addresses, spelling errors, embedded hyperlinks
Phishing simulations: Fake phishing emails that send reports when users click the link
Safety precautions: Never click a link, never download a file, beware of fake share file (like Google Drive or SharePoint) links
Explaining how the security team aggregates and correlates risks supports these training initiatives. Monitoring and setting alerts for the following can help reinforce ransomware training:
Outdated antivirus/anti-malware on devices
Email and Web application server monitoring
Packet loss or network congestion indicating command and control server communications
Securing Endpoints
Securing endpoints goes beyond monitoring for and mitigating the risk of ransomware or malware. Often, endpoint security risks include activities like updating software or using personal devices.
Cybersecurity awareness training focuses on the types of risks that employees bring with them, including:
Physical device security: Password-protecting devices, potential device theft or loss
Security patches: Installing on personal devices
Maintaining factory settings: Not using "jailbroken" phones on corporate systems
Removable media: Risky USBs or charging cords that can plug into devices
To help support end users, security professionals can explain and show how they monitor networks for devices connecting to them. Enhancing endpoint security through examples might include showing how the security team monitors:
Software versioning
Secure configurations like security technical implementation guides (STIGs) or CIS baselines
Recent security patch installations
Alerts from intrusion detection systems (IDS)
Safe Internet Habits
With more people working remotely, cybersecurity awareness training around safe Internet habits has become even more important. To protect remote workforces, companies need to drive home the importance of risks arising from "work from anywhere" models.
Generally, cybersecurity awareness training focuses end users on:
Public Wi-Fi use: Limiting insecure wireless connections to prevent man-in-the-middle attacks
Virtual public networks (VPNs): Encrypting data-in-transit
Website security: Reviewing URL for HTTPS
Social media scams: Being wary of links or downloads in direct messages or posts
To support end-user awareness training, cybersecurity professionals and IT teams can explain how they set controls and monitor the following:
Denying access from unknown IP addresses
Denying organization-owned devices from accessing social media websites
Setting administrative controls for organization-owned devices that disallow installation of unapproved applications
Use URL and Web filtering rules in firewalls to enforce HTTPS connections
Monitoring geolocation of login using SD-WAN to enforce encryption of data-in-transit
Teamwork Makes the Security Education Dream Work
An effective cybersecurity awareness program builds a strong culture of security that bridges the gap between technical and non-technical employees. Training programs provide the information, but education offers a more thorough understanding that builds better habits.
By acting as a team within the organization, line-of-business and technical teams can create more robust security practices, build stronger relationships, and reduce resistance to protective controls.
About the Author
You May Also Like
More Insights
