Training & Awareness
Your employees are the number one asset you have, and also the major cause of data breaches. These breaches continue to increase in frequency even though most organizations have invested heavily in putting network security devices in place. This has not stopped the breaches. Instead, hackers have found new ways to access your information; namely, through what is often the weakest link in your organization – your people, not your actual technology. Therefore, your staff has become the preferred first target of an attacker. You can change this dynamic by empowering your employees and making them your first line of through proper security training designed to spot today’s new attack methods.
Cybercriminals are increasingly using social engineering to gain an undetected foothold within business and government networks. Stolen credentials obtained by social engineers are used in four out of five breaches, regardless of whether the attack was driven by financially motivated cybercriminals, nation-state-driven cyber espionage activity, or hacktivists.
What should security training and awareness consist of?
- Short, focused sessions with a set amount of information that can be easily retained
- Timely, new topics on current exploits that are relevant to your business and which your employees might encounter
- Testing to determine what your staff has retained
What will a solid security training and awareness program do for your organization?
- Instill a culture of security awareness into your workforce
- Assist staff in understanding what your security policies and procedures require
- Comply with regulatory requirements and safe harbor provisions
- Decrease potential for losses and add to your bottom line
General Security Sessions
JANUS has a variety of generic security classes available to bring to your staff, be they general users or technical staff. These focus on good security practices, leading social engineering techniques to assist you to help staff recognize attacks before falling victim to them, and work as a refresher to their security knowledge. Incorporated are the newest attack methods as well as up-to-date security concepts.
JANUS can tailor an awareness and training curriculum to your specific needs and bring that to your staff. Utilizing knowledge of your processes, this regular reinforcement keeps security knowledge and focus fresh in employees’ minds in a manner that is relevant to their work environment. It also allows for current topics of importance to be brought quickly to staff as new threat vectors emerge. JANUS data security awareness training is designed to reinforce industry best practices and it can easily and cost effectively be customized to reflect your specific policies and procedures.
Learning Management Systems (LMS)
Over our many years of training client staffs, JANUS has increasingly recognized the need for smaller amounts of targeted information security content at shorter intervals. Therefore, JANUS has teamed up with a leading learning management system provider to develop a series of modules that we recommend to train your employees on a continuing basis – often monthly. Security training has been measured to last approximately 90 days; therefore, employees need more frequent exposure to your security message. This program is focused on a variety of short, highly focused, bite-sized modules that employees can quickly absorb via computer. This information, in turn, fosters greater topic understanding, better comprehension, and longer knowledge retention of your data security policies and procedures.
“I read that phishing emails lead to extortion through ransomware, stolen passwords, and fraudulent wire transfers. I am afraid to even consider how many of our employees would really fall for something like that.”
The largest single cause (52%) of data breaches is human error and social engineering, the primary way attackers exploit that is becoming more sophisticated every day, leading to increased risk. Phishing campaigns, malware downloads, poisoned attachments with embedded macro viruses, and phone calls that trick the user into releasing sensitive information rapidly are accelerating. Organizations are realizing the seriousness of this risk and are focusing increasing resources on social engineering testing to determine where their people’s weaknesses are, and how they can better prepare their employees to recognize and resist these intrusions. The social engineering testing goal is to determine if a person who uses computer systems will reveal IDs, passwords, and other confidential information that can lead to compromised systems. JANUS consultants can perform a broad range of social engineering tests to determine what type of exposure your organization has to this form of risk and intrusion. A JANUS social engineering engagement will allow you to quantify your business’s environmental weaknesses and help you determine what type of training and awareness may be needed by your staff to prevent future attacks.
Contact us for a no-charge consultation and learn more about JANUS’ customized approach to Social Engineering testing.