Seven years ago, a new puppy moved in with my family. In an effort to socialize him, we attended classes so he could interact with unfamiliar people and other dogs. One day, I even chased down the UPS man so the puppy would be exposed to someone in a uniform. I had read about puppy development and the fear stages of a dog and thought I had done all that was required. To my dismay, I have since learned that dogs require continuing reinforcement, correction, and retraining. Our now seven-year-old dog doesn’t always play well with strangers.
Lessons learned from puppies apply equally to privacy and cyber security training for people. Experts agree: it is impossible to spend enough money to safeguard a computer system from the human element. Policies, procedures, and consistent training are required.
Training once or even once a year is not enough. Since the threats are constantly changing, training must be ongoing. [A month ago, who had heard of WannaCry?] Someone in each organization must monitor threats and, as they emerge, share information with the group. Since executives and new hires are likely the most vulnerable to certain types of attacks, everyone should participate in this ongoing training.
Social media and company websites provide a wealth of information from which an attacker can construct a credible phishing e-mail. It happens every day, and each member of the organization should be made aware.
Organizations should periodically test compliance with policies and procedures. Try to view the inevitable lapses as training opportunities; punishment only discourages reporting of problems.
If you would like to speak to Debbie Fulton about this or any other matter, she may be reached at (865) 546-9321.