Topics covered in security awareness training include:
- Sensitive material and physical assets that are important to the organisation, such as trade secrets, customer data, privacy concerns and Government classified information
- Employee and contractor responsibilities in handling sensitive information, including review of employee nondisclosure agreements
- Requirements for proper handling of sensitive material in physical form, including marking, transmission, storage and destruction
- Proper methods for protecting sensitive information on computer systems, including password policy and use of two-factor authentication
- Other general computer security concerns, including malware, phishing, etc.
- Workplace security, including building access, wearing of security badges, reporting of incidents, forbidden articles, etc.
- Consequences of failure to properly protect information, including potential loss of employment, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal penalties
Making an organisation’s members and staff aware of the risks and available safeguards is the first line of defence for the security of information systems and networks. The aim of a security awareness training programme is to achieve a long-term shift in the attitude of personnel towards security, whilst promoting cultural and behavioural best practice within the organisation.
We design bespoke security awareness training programmes to instruct members of an organisation about the protection of the physical and information assets of that organisation. This can be part of an induction programme or part of a periodic or annual process.