NIST Security Requirements: Cybersecurity Training
- “1 in 5 workers let family and friends use company laptops and PCs to access the Internet”
- “More than half connect their own devices or gadgets to their work PC…a quarter of who do so every day”
- “1 in 10 confessed to downloading content at work they should not”
- “Two thirds admitted they have a very limited knowledge of IT Security”
Training Topics

There are a few areas that must be covered during adequate cybersecurity training. These include training in physical security, desktop security, wireless network security, password security, phishing protocols, malware, and file sharing and copyright.

Physical Security

Physical security pertains to protecting your tangible assets. For example, employees should be locking office doors, desk drawers, file cabinets, etc. Employees should also be trained not to let people from outside the organization into the company building without prior authorization.

Desktop Security

Desktop security is similar to physical security. It means each employee has a password-protected computer and locks it every single time they walk away from their desk. Employees should also be trained to shut down their computers at the end of each business day.

Wireless Network Security

Wireless network security training makes employees aware of the insecure nature of wireless networks, and stresses that employees must not store any sensitive data on laptops that will be accessing a wireless network.

Password Security

Password security training should include teaching employees what a strong password consists of, as well as going over the organization’s minimum password requirements. Employees should be made aware that passwords should not be written down, left out in the open, or shared with anyone else in the office.

Phishing Protocols

Phishing protocols include training employees to avoid clicking on links in emails and to avoid sharing any personal information that is requested in an email, such as bank information or a Social Security number.

Malware

Malware is another important item to address during cybersecurity training: there are many types of malware, and employees need to be able to distinguish between them and know what to do when they encounter them. Viruses are a huge issue nowadays, and it is important that employees be able to identify one when they see it. Other types of malware that need to be discussed are worms, trojans, spyware, and adware.

Training Opportunities

We are excited to announce that NeQter Labs has recently partnered with a cybersecurity awareness training firm, InteProIQ, which offers solutions such as OnePhish Phishing Simulation, WorkWise Cyber Security Awareness Training, Insider Threat Awareness, and Workplace Violence Awareness. These training options cover clear, informative, and helpful topics that raise your employees’ cybersecurity awareness. Using InteProIQ will help save your organization time and money. Reach out to a NeQter Labs team member by phone or email for more information: firstname.lastname@example.org, (401)-608-6522.