Many offices are operating with a hybrid of remote and in-person workspaces as the COVID-19 pandemic continues and evolves. Wherever your team is located, security continues to be everyone’s responsibility. A refresher course in cybersecurity is a great way to help employees get back into the swing of things and re-establish security best practices they may have forgotten.
Prevent Cyber Threat Actors from Taking Advantage
Cyber threat actors are always on the lookout for weaknesses they can exploit. In 2020, the transition to a remote working environment was the big concern. Now, the return to a “new normal” could be even riskier, as people regain access to secure areas and shared working spaces. Cyber-attackers will look for ways to take advantage of people’s return to the workplace, such as tricking returning employees into revealing passwords or credentials for accessing the office network and systems.
According to the 2021 Verizon Data Breach Investigations Report (DBIR), 85% of breaches involved a human element. These were primarily phishing (social engineering) and the use of stolen credentials (hacking). Cybersecurity awareness training will help keep your employees from making the kind of mistakes that could put your organization at risk.
Security Awareness and Skills Training in the CIS Critical Security Controls
Ongoing security awareness training is an important component of the cybersecurity best practices known as the CIS Critical Security Controls (CIS Controls). The CIS Controls offer prioritized and prescriptive actions that protect organizations from known cyber-attack vectors.
The recently released CIS Controls v8 includes one Control devoted specifically to security awareness and skills training (CIS Control 14). It recommends that organizations, “Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.”
A gap analysis of the cybersecurity skills and behaviors your employees lack is an important first step. With this information, organizations can build an education roadmap to train employees and influence their behavior so that they become more security conscious. A top priority is the ability to identify social engineering attacks such as phishing, phone scams, and impersonation calls.
Discounted SANS Training Available to SLTTs
Some of the best online cybersecurity awareness training is available through the SANS Institute, a trusted source for cybersecurity certification and research. The Center for Internet Security (CIS) is proud to collaborate with SANS to provide this training to U.S. State, Local, Tribal, and Territorial (SLTT) government entities. Now through January 31, 2022, eligible SLTT organizations can receive more than 50% off comprehensive security awareness training programs.
Source: © SANS Institute, SANS 2021 Security Awareness Report
SLTTs usually have a much smaller budget for security training than other organizations, as illustrated in the chart above. This is one of the main reasons why CIS and SANS partner to offer security training programs at an affordable cost, ensuring that critical government organizations can improve their security posture and enhance their cybersecurity readiness to better protect their staff, their citizens, and the nation.
SLTTs can access the SANS trusted and effective cybersecurity awareness training program, SANS Security Awareness, with competitive group purchasing discounts. Developed by highly experienced cybersecurity instructors and experts, SANS Security Awareness offers a customizable mix of end user training content to address relevant threats, teach security concepts that are critical to your workplace, and adhere to your organization’s corporate culture. Demos are also available for all versions of SANS Security Awareness. Employees can take the online security training at home before returning to the office just as easily as after their return.
CIS Controls Training
Control 14 in the recently released CIS Controls v8 is focused on establishing and maintaining a security awareness program. If you’re interested in learning more about the latest version of the CIS Controls, auditing your security program against their recommendations, and implementing the best practices in your organization, the updated SEC566: Implementing and Auditing CIS Critical Controls course is available at a significant discount through our partnership program. Dozens of other OnDemand and Live Online courses from SANS are available as well.