4 Keys to Building a Security Awareness Training Program

How effective is a home security alarm system if somebody leaves your front door open?  Or a password if you are going to write it on a sticky note and leave it on your desk? Most people would agree that both of these examples show a lack of security awareness and common sense.  This is because in the physical world it is rather easy to detect poor security awareness

Man on laptop hacking computer.

Now let’s move to the digital world where criminals persistently target people in order to gain access to computer networks. Why? Nobody really knows but one can safely assume it is for financial gains. According to IBM’s latest annual Cost of a Data Breach study, the average data breach now costs up to $3.92 million when you take into account both the attack and response cost.

Long gone are the days when cybercriminals would spend their efforts on outsmarting networks.  Instead, they choose to focus on what they perceive is the weakest link: the end-user.  Due to the shift in tactics companies must now rely on end-users in order to have an effective cyber security defense.   

Looking for easy targets…

Why would hackers choose to focus their tactics on people and not machines? Well, there are many factors, but it comes down to one thing:  convenience.  You see hackers are much like gamblers in that they are looking for low-risk high reward opportunities. 

Picture of man pointing at sign that reads social engineering.
Social engineering attacks are on the rise.

Cybersecurity professionals refer to this tactic as social engineering. Social engineering, in the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information. 

A recent report showed that the number of successful attacks in 2017 was at 79 percent. That number follows an upward trend. In 2014, only 62 percent of social engineering attacks were successful. It rose to 71 percent in 2015 and then 76 percent a year later.

In case you are thinking your company is immune to this trend here are 10 famous social engineering attacks

60 Percent of Small Companies Close Within 6 Months of Being Hacked
  • Shark Tank
  • Toyota
  • Cabarrus County
  • Ethereum Classic
  • Democratic Party
  • Ubiquiti Networks
  • Sony Pictures
  • Target
  • SC Department of Revenue
  • RSA

Even with all the alarming data, not everything is doom and gloom.  It turns out that with proper security awareness training & support companies can significantly reduce their cybersecurity risks.

Building a Security Awareness Training Program

Let’s get one thing clear:  There is no universal format for security awareness training.  Fortunately, there are guidelines and best practices that organizations can incorporate into their customized program. The acronym T.E.A.M is a convenient way to summarize the 4 keys to starting or enhancing a security awareness training program. 

4-Keys of T.E.A.M: Team, Empower, Adjust, and Monitor:

1. Test

Testing is the first step to an effective security awareness program.  Like tryouts for a basketball team, testing allows an organization to know its strengths and weakness.  With the right support, that information can be the foundation of an effective awareness program. 

How can you evaluate the threat landscape and identify top risks?  Testing.  How can you assess the effectiveness of the measures you have put in place? Testing.   How can you be prepared for evolving threats?  Yes, you guessed it.  Testing.

Key Insight #1: Each organization needs to decide which test is appropriate to their operational needs.  Work with your penetration test provider to see what options are available for your organization. 

2.      Empower

After identifying risks and assessing your cybersecurity posture, it’s time to empower your organization.  Successful security awareness programs combine awareness and training with cybersecurity education that is specific to an organization’s threat landscape.  This combination helps create a strong culture of security awareness that empowers all users.

Key Insight #2:  Be creative about how you involve users by using different methods such as videos, quizzes, and realistic phishing simulations to keep users engaged. 

3. Adjust

Now that you have a good picture of the threat landscape and engaged users on your team, you are ready to start making adjustments that will reduce exposure.  This step requires that you establish tools and outlets that users can use to swiftly report suspicious cyber activities.

While this will require that users adapt to new reporting methods and online behavior it will pay off in the long run and strengthen your organization’s cyber hygiene. 

Key Insight #3:  Cyber hygiene is a reference to the practices and steps that users of computers and other devices take to maintain system health and improve online security. These practices are often part of a routine to ensure the safety of identity and other details that could be stolen or corrupted. 

4. Monitor

The “M” in T.E.A.M stands for monitor and to accomplish this step an organization needs measurement tools that allows them to assess progress, collaborate and adjust as needed. 

As with the previous steps, there are no universally recognized methods to measure cybersecurity improvements.  Thankfully, there are practical ways to gauge the effectiveness and efficiency of the measurements an organization has put in place.

This can be accomplished in various ways but here are three practical points to consider:

  1. Establish a Baseline:  An organization can accomplish this by analyzing simulated phishing failure rates and knowledge assessment results.
  2. Analyze the data:  Ensure that the cybersecurity team is evaluating the progress of the security awareness training program.
  3. Follow up:  You can’t have a baseline without data and data is of little worth without proper follow up.  Organizations should rely on their cybersecurity team and partners to measure improvements where it matters most: the end-user.

Key Insight #4:  Cybersecurity effectiveness can be calculated by how much time lapses between the detection of a threat and when appropriate action is taken. An organization needs to find an objective method of calculating recovery time.

Starting or enhancing a security awareness training program is an important component of cybersecurity.  By using the T.E.A.M. approach, organizations can smartly test their current measures, understand their threats, and empower their employees to overcome the many cybersecurity threats that are coming their way. 

Tunisia targeted lockdown measures are proving effective

Tunisia Security Update

Your #1 Source for Travel & Security News IMPACTING Tunisia.


Update Icon of Colored Outline style - Available in SVG, PNG, EPS ...UPDATE:  Tunisia targeted lockdown measures are proving effective as it marked 3 consective days without any new confirmed COVID-19 cases.

Source: NFA, May 12, 2020

Employees at a Tunisian factory are churning out 50,000 face masks a day and other protective medical gear.

Data Insight Svg Png Icon Free Download (#532568) - OnlineWebFonts.COMKey INSIGHT:  Director General of the National Observatory of New and Emerging Diseases Nissaf Ben Alaya said:

“It would take at least 40 days without any new infection to be able to say that Tunisia has gone beyond this phase, due to the fact that the zero case does not mean that the virus no longer exists.”

Security | Free IconSecurity INSIGHT: Tunisia has started to ease lockdown measures, pointing to the relative success of the restrictions it imposed early on in the pandemic.  although schools will largely remain closed until September. Hairdressers officially opened on Monday, while cafes and mosques are due to reopen on 24 May.

Tunisia Receives Drones from China to aid COVID-19 fight

Tunisia’s nationwide lockdown began March 22, when it had just 75 confirmed cases. The UK, by contrast, did not impose a national lockdown until it had over 6,000 cases, while Italy did not go ahead with the measure until it recorded more than 9,000. Tunisia also took the early step of quarantining patients with mild symptoms in designated facilities such as hotels rather than allowing them to isolate at home as in Italy — a policy that doctors now say was a fatal flaw.


Working in Tunisia?

Get ACCESS to helpful Security Reports:

Customized Safety & Security Briefing for employees.



 

Globe Planet Travel Plane Svg Png Icon F #1505326 - PNG Images - PNGioTravel:  At the time of this writing, both the U.S. and UK embassies advises against all but essential international travel

Authorities strictly enforced lockdown measures in high-risk areas, patrolling the streets and even arresting those in violation of quarantine and social distancing regulations.

Civil society groups and private businesses also played an important role in helping fight the virus. Some 150 Tunisian employees of a factory helped make face masks more accessible by self-isolating at their facility in order to produce 50,000 per day. Meanwhile, numerous start-ups and civil society groups mobilized to develop and provide innovative medical protective gear to hospitals and deliver aid packages to those in need.



Operating in Tunisia?

Find out how you can have access to reliable security information & support.



 

Traveling family ‘stuck’ on a Mediterranean island due to Covid-19

Tunisia Security Update

Your #1 Source for Travel & Security News IMPACTING Tunisia.


Update Icon of Colored Outline style - Available in SVG, PNG, EPS ...UPDATE: As the novel coronavirus stops globetrotters and other adventure travelers in their tracks, one French family of nomads is waiting out the lockdown on a Tunisian island in the Mediterranean.

Source: AFP, May 8th 2020

Data Insight Svg Png Icon Free Download (#532568) - OnlineWebFonts.COMKey Article INSIGHTTunisia has officially declared over 600 positive Covid-19 cases, including 25 deaths, since reporting its first case at the beginning of March.

Tunisia has officially declared over 600 positive Covid-19 cases, including 25 deaths, since reporting its first case at the beginning of March.

Security | Free IconSecurity INSIGHT: Tunisia started the first stage of the national strategy for a partial lifting of lockdown which includes three phases: from May 4 to 24, from May 24 to June 4, and from June 4 to 14.

Globe Planet Travel Plane Svg Png Icon F #1505326 - PNG Images - PNGioTravel:  At the time of this writing, both the U.S. and UK embassies advises against all but essential international travel.


Operating in Tunisia?

Find out how you can have access to reliable security information & support.


 

Are protests in Michigan and Texas just the beginning?


With the growing economic challenges in the US, civil unrest is becoming a real threat


Lock her up!': Anti-Whitmer coronavirus lockdown protestors swarm ...

Update Icon of Colored Outline style - Available in SVG, PNG, EPS ...UPDATE: Coronavirus lockdowns across the US have fueled record unemployment and deep economic uncertainty.-Business Insider-April 28, 2020

Data Insight Svg Png Icon Free Download (#532568) - OnlineWebFonts.COMKey INSIGHT: With a growing number of people frustrated by the mandated lockdown coupled with high unemployment numbers; the US could reach a tipping point where social unrest becomes a serious issue.

“There’s no doubt this is going to have huge economic and social impacts, and the worse it is, the more likely that people are going to get to the point where social action is the only move forward,” Kendrick said.


Armed Protesters In Mich. Rally Against Emergency Measures

Security INSIGHT: Anti-government demonstrations could become more widespread: On Saturday, several dozen protesters disobeyed social distancing guidelines at a rally at the Capitol building in Austin, Texas, against the state’s lockdown policy.



Need actionable & reliable Security Risk Information? 


Tunisia RE-OPENS …May the 4th be with them!

Tunisia Security Update

Your #1 Source for Travel & Security News IMPACTING Tunisia.


Update Icon of Colored Outline style - Available in SVG, PNG, EPS ...UPDATE: Tunisia on Monday relaxed lockdown measures with an initial phase of gradual reopening for the vital sectors of the economy, society and exports.

Source: AAWSAT, May 4th 2020

Data Insight Svg Png Icon Free Download (#532568) - OnlineWebFonts.COMKey Article INSIGHT: Tunisian officials reported that it had recorded four new COVID-19 infections in the country over the previous 24 hours, bringing the total number to 1,013. The health ministry statement noted that 42 people who had tested positive for the virus had died in the country and that 328 have recovered thus far.

Security | Free IconSecurity INSIGHT:  Over the last few days there’s been an uptick in civil discontent in response to the government’s COVID-19 response.  While the issue was addressed by government officials, the development adds additional risk to organizations in Tunisia.

COVID-19 will have a NEGATIVE IMPACT on Tunisian Tourism…

Globe Planet Travel Plane Svg Png Icon F #1505326 - PNG Images - PNGioTravel:

The US embassy is working to schedule one additional repatriation flight for US citizens on May 7. See details here:

At the time of this writing, both the U.S. and UK embassies advises against all but essential international travel.


Operating in Tunisia?

Find out how you can have access to reliable security information & support.


 

Tunisia to REOPEN Economy in Stages…

Tunisia Security Update

Your #1 Source for Travel & Security News IMPACTING Tunisia.



Update Icon of Colored Outline style - Available in SVG, PNG, EPS ...UPDATE: Tunisia to reopen economy in stages…

The lockdown will begin to be eased on May 4. Further easing after May 11 will include clothing shops and malls

Data Insight Svg Png Icon Free Download (#532568) - OnlineWebFonts.COMKey Article INSIGHT:  The lockdown will begin to be eased on May 4. Further easing after May 11 will include clothing shops and malls, said Lobna Jribi, the minister in charge of major projects.

Tentative Stages: 

Stage 1 – May 4th- “Essential Workers + Supporting elements”

What you need to know:  On May 4th, a gradual lifting of the confinement measures will take place. The confinement measures will vary slightly from region to region and includes essential workers and workers in supporting ministries & industries.

Stage 2- May 11th “General Public” Re-open

This stage will include the general public including clothing shops, coffee shops and open markets.

Important to NOTE:  The Tunisian government will provide further detail about the new measures before May 4th.  


Security | Free IconSecurity  INSIGHT: The lockdown, according to Health Minister Abdelatif el-Makki has stopped 25,000 cases of the virus and 1,000 deaths.  Tunisia, has about 500 intensive care beds, has confirmed fewer than 1,000 cases in all.


Globe Planet Travel Plane Svg Png Icon F #1505326 - PNG Images - PNGioTravel:  At the time of this writing both the U.S. and UK embassies advises against all but essential international travel.


Operating in Tunisia?

Find out how you can have access to reliable security information & support.


 

Annual Jewish pilgrimage to Tunisia’s Ghriba synagogue CANCELED

Tunisia Security Update

Your #1 Source for Travel & Security News IMPACTING Tunisia.


Update Icon of Colored Outline style - Available in SVG, PNG, EPS ...UPDATE: Annual pilgrimage to Tunisia’s Ghriba synagogue CANCELED.

Jews gather at the Ghriba synagogue in Tunisia’s Mediterranean resort island of Djerba on the first day of the annual Jewish pilgrimage to the synagogue on May 2, 2018. (AFP Photo/Fethi Belaid)-Source: TOI April 21, 2020


Data Insight Svg Png Icon Free Download (#532568) - OnlineWebFonts.COMKey Article INSIGHT: The annual pilgrimage was scheduled for May 7-13.  Hundreds of Israelis, many of them of Tunisian origin, traditionally visit the synagogue for the annual pilgrimage.

The Jewish community on Djerba dates back nearly 2,600 years, much longer than the Christian or Muslim presence on the island.


Security | Free IconSecurity  INSIGHT: Tunisia’s small Jewish community is still recovering from a suicide bombing claimed by Al-Qaeda at the synagogue in 2002 that killed 21 people. Before that, some 8,000 pilgrims used to travel to Djerba for the annual celebration.

Globe Planet Travel Plane Svg Png Icon F #1505326 - PNG Images - PNGioTravel:  At the time of this writing both the U.S. and UK embassies advises against all but essential international travel.


Operating in Tunisia?

Find out how you can have access to reliable security information & support.


 

VIDEO UPDATE: Tunisia travel…Pre-Flight COVID-19 tests

Tunisia Security Update

Your #1 Source for Travel & Security News IMPACTING Tunisia.


VIDEO UPDATE


Update Icon of Colored Outline style - Available in SVG, PNG, EPS ...Travel UPDATE:

Ahead of boarding their Emirates flight from Dubai to Tunisia on April 15th, masked passengers were given blood tests for Covid-19, with results delivered within 10 minutes. Emirates, which claims to be the first airline to perform these tests.

Data Insight Svg Png Icon Free Download (#532568) - OnlineWebFonts.COMKey INSIGHT: Other airlines are considering different approaches: Earlier this month, Etihad, also based in the United Arab Emirates, announced that it was currently testing new kiosks in Abu Dhabi.

Security | Free IconSecurity INSIGHT:  The outbreak is hitting Tunisia’s tourism sector, which represents nearly 10% of gross domestic product (GDP) and is a key source of foreign currency, particularly hard.

Globe Planet Travel Plane Svg Png Icon F #1505326 - PNG Images - PNGioTravel Guidelines:  At the time of this writing both the U.S. and UK embassies advises against all but essential international travel.


Operating in Tunisia?

Find out how you can have access to reliable security information & support.


 

Tunisia extends COVID-19 LOCKDOWN to May 4th…

Tunisia Security Update

Your #1 Source for Travel & Security News IMPACTING Tunisia.


Don't defy coronavirus lockdown rules, or this robot will call you ...
Read Full Article…

Update Icon of Colored Outline style - Available in SVG, PNG, EPS ...UPDATE: Tunisia extends coronavirus lockdown to May 4th

Source: Reuters April 19, 2020

Data Insight Svg Png Icon Free Download (#532568) - OnlineWebFonts.COMKey Article INSIGHT: The North African country has confirmed 866 cases of the coronavirus and 37 related deaths, and has imposed a lockdown since March. 20.

Security | Free IconSecurity INSIGHT:  The outbreak is hitting Tunisia’s tourism sector, which represents nearly 10% of gross domestic product (GDP) and is a key source of foreign currency, particularly hard.

Globe Planet Travel Plane Svg Png Icon F #1505326 - PNG Images - PNGioTravel:  At the time of this writing both the U.S. and UK embassies advises against all but essential international travel.


Operating in Tunisia?

Find out how you can have access to reliable security information & support.


 

3 Lessons from the Queen’s COVID-19 Speech that we can ALL learn from today…

On Sunday, April 5th Britain’s Queen Elizabeth II addressed the nation in a rare televised speech and called for unity amid the coronavirus pandemic.

What she said was EMPOWERING!

After reviewing her speech I was able to pull out 3 Lessons that we can all benefit from during these challenging times.

Lesson#1- Think BIG Picture!

Together we are tackling this disease, and I want to reassure you that if we remain united and resolute, then we will overcome it,” the Queen said. “I hope in the years to come everyone will be able to take pride in how they responded to this challenge.”

Speaking in a pre-recorded video shot at Windsor Castle, the Queen took on a forward-thinking tone. As we deal with this unprecedented crisis many of us are looking for the “light at the end of the tunnel” and when the Queen stated “in the years to come everyone will be able to take pride…” she enabled her audience to look past the current situation and consider the BIG picture.

Big picture thinking enables people to let go of their current fears and consider that no matter how bad things are now this too…shall pass.

“If you think small, your world will be small. If you think big, your world will be big.” — Paulo Coelho

Lesson #2-TEAM Work makes things work!

“The moments when the United Kingdom has come together to applaud its care and essential workers will be remembered as an expression of our national spirit; and its symbol will be the rainbows drawn by children,” she said.”

Everyone agrees that teamwork is essential to success yet it is seldom practiced in corporation and governments. When the Queen highlighted the amazing work of her nation’s essential workers she motivated them and Maslow’s hierarchy shows us that recognition is the KEY to organizational success.

Lesson #3- Authenticity is EMPOWERING!

This “challenging” time…”It reminds me of the very first broadcast I made, in 1940, helped by my sister. We, as children, spoke from here at Windsor to children who had been evacuated from their homes and sent away for their own safety,” the Queen said, adding “today, once again, many will feel a painful sense of separation from their loved ones.”

By sharing a personal story about a challenging time in her life, the Queen was able to create an “authentic moment”. Authentic leaders share stories to connect with their audience.

In this case the Queen talked about a time of great uncertainty (WWII) and how she was able to positively contribute in her own small way. This story is very powerful on many levels. Most importantly it makes her appear “human”…a viewer could easily think “oh ….wow…the Queen was once a child and she went through World War II…” This realization leads to a connection that cultivates courage in the sense of “if she can do it so can I!”.

@DavidSecurity Take

Security professionals can take a lot from the Queen speech because we’re often in a position to advise, empower and lead others.

By thinking BIG we can liberate ourselves from the current “crisis” and think long term. Teamwork is something we can never have too much of because security is all about collaboration. Lastly, the only way that people and organizations will listen to us in challenging moments is if we’re authentic.

Let’s all learn to apply the Queen’s lessons and use her story as fuel to get past this challenging time.

Stay Safe…Live Healthy!