
NIST Security Requirements: Cybersecurity Training

For all companies, cybersecurity training is an essential part of creating a team that is ready to protect against cyber attacks. It has also recently become a requirement of the NIST SP 800-171 regulation to effectively train employees. Section 3.2 of the NIST documentation, “Awareness and Training,” requires that managers, system administrators, and users of organizational information systems be made aware of the security risks associated with their activities and of the policies that apply to them. Specific organizational personnel must also be adequately trained to carry out their assigned duties relating to cybersecurity. Finally, and most importantly, all organizational members must be trained to recognize and report potential insider threats.

Why is it Important?

Cybersecurity training is extremely important for many reasons. First, as stated above, all organizations that have contracts with the Department of Defense are required to comply with the NIST SP 800-171 standard, which requires adequate security training. If you cannot demonstrate that this training takes place within your business, you fall out of compliance with NIST SP 800-171. Second, cybersecurity training is one of the most effective ways to prevent data losses, breaches, and other problems that could affect the infrastructure of your organization. The following statistics give real insight into the need for cybersecurity training:

  • “1 in 5 workers let family and friends use company laptops and PCs to access the Internet”
  • “More than half connect their own devices or gadgets to their work PC…a quarter of who do so every day”
  • “1 in 10 confessed to downloading content at work they should not”
  • “Two thirds admitted they have a very limited knowledge of IT Security”

Training Topics

There are a few areas that must be covered during adequate cybersecurity training. These include physical security, desktop security, wireless network security, password security, phishing protocols, malware, and file sharing and copyright.

Physical Security

Physical security pertains to protecting your tangible assets. For example, employees should lock office doors, desk drawers, file cabinets, and so on. Employees should also be trained not to admit non-organizational members into the company building without prior authorization.

Desktop Security

Desktop security is similar to physical security. It pertains to the employee having a password-protected computer and locking that computer every single time they walk away from their desk. Employees should also be trained to shut down their computers at the end of each business day.

Wireless Network Security

Wireless network security training should make employees aware of the unsecure nature of wireless networks, and emphasize that employees cannot store any sensitive data on laptops that will be accessing a wireless network.

Password Security

Password security training should teach employees what a strong password consists of and go over the organization’s minimum password requirements. Employees should be made aware that passwords must not be written down, left out in the open, or shared with anyone else in the office.

Phishing Protocols

Phishing protocols include training employees to avoid clicking on links in emails and to refuse to share any personal information requested in an email, such as bank information or a social security number.

Malware

Malware is another important item that needs to be addressed during cybersecurity training. There are many types of malware, and employees must be able to distinguish between them and know what to do when they encounter them. Viruses are a huge issue nowadays, and it is important that employees be able to identify one when they see it. Other types of malware that need to be discussed are worms, trojans, spyware, and adware.

Training Opportunities

We are excited to announce that NeQter Labs has recently partnered with a cybersecurity awareness training firm, InteProIQ, which offers solutions such as OnePhish Phishing Simulation, WorkWise Cyber Security Awareness Training, Insider Threat Awareness, and Workplace Violence Awareness. These training options cover clear, informative, and helpful topics that raise your employees’ cybersecurity awareness. Using InteProIQ will help save your organization time and money. Reach out to a NeQter Labs team member by phone or email for more information: info@neqterlabs.com, (401)-608-6522.
Resources

https://www.sans.org/reading-room/whitepapers/awareness/importance-security-awareness-training-33013

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-171.pdf

https://www.inteproiq.com/
