Many offices are operating with a hybrid of remote and in-person workspaces as the COVID-19 pandemic continues and evolves. Wherever your team is located, security continues to be everyone’s responsibility. A refresher course in cybersecurity is a great way to help employees get back into the swing of things and re-establish security best practices they may have forgotten.
Prevent Cyber Threat Actors from Taking Advantage
Cyber threat actors are always on the lookout for weaknesses they can exploit. In 2020, the transition to a remote working environment was the big concern. Now, the return to a “new normal” could be even riskier, as people regain access to secure areas and shared working spaces. Cyber-attackers will look for ways to take advantage of people’s return to the workplace, such as tricking returning employees into revealing passwords or credentials for accessing the office network and systems.
According to the 2021 Verizon Data Breach Investigations Report (DBIR), 85% of breaches involved a human element. These were primarily phishing (social engineering) and the use of stolen credentials (hacking). Cybersecurity awareness training will help keep your employees from making the kind of mistakes that could put your organization at risk.
Security Awareness and Skills Training in the CIS Critical Security Controls
Ongoing security awareness training is an important component of the cybersecurity best practices known as the CIS Critical Security Controls (CIS Controls). The CIS Controls offer prioritized and prescriptive actions that protect organizations from known cyber-attack vectors.
The recently released CIS Controls v8 includes one Control devoted specifically to security awareness and skills training (CIS Control 14). It recommends that organizations, “Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.”
A gap analysis of the cybersecurity skills and behaviors your employees lack is an important first step. With this information, organizations can build an education roadmap to train employees and influence their behavior in order to become more security conscious. A top priority is the ability to identify social engineering attacks such as phishing, phone scams, and impersonation calls.
Discounted SANS Training Available to SLTTs
Some of the best online cybersecurity awareness training is available through the SANS Institute, a trusted source for cybersecurity certification and research. The Center for Internet Security (CIS) is proud to collaborate with SANS to provide this training to U.S. State, Local, Tribal, and Territorial (SLTT) government entities. Now through January 31, 2022, eligible SLTT organizations can receive more than 50% off comprehensive security awareness training programs.
Source: © SANS Institute, SANS 2021 Security Awareness Report
SLTTs usually have a much smaller budget for security training than other organizations, as illustrated in the chart above. This is one of the main reasons why CIS and SANS partner to offer security training programs at an affordable cost, ensuring that critical government organizations can improve their security posture and enhance their cybersecurity readiness to better protect their staff, their citizens, and the nation.
SLTTs can access the SANS trusted and effective cybersecurity awareness training program, SANS Security Awareness, with competitive group purchasing discounts. Developed by highly experienced cybersecurity instructors and experts, SANS Security Awareness offers a customizable mix of end user training content to address relevant threats, teach security concepts that are critical to your workplace, and adhere to your organization’s corporate culture. Demos are also available for all versions of SANS Security Awareness. Employees can take online security training at home, prior to returning to the office, as easily as upon their return.
CIS Controls Training
Control 14 in the recently released CIS Controls v8 is focused on establishing and maintaining a security awareness program. If you’re interested in learning more about the latest version of the CIS Controls, auditing your security program against their recommendations, and implementing the best practices in your organization, the updated SEC566: Implementing and Auditing CIS Critical Controls course is available at a significant discount through our partnership program. Dozens of other OnDemand and Live Online courses from SANS are available as well.