The organization’s employees are the last line of defense. Therefore, they must be aware of the dangers and keep security in mind.
In security surveys, it appears that between 70%-80% of information leaks in organizations originate from human error and the chances of damage from within the organization are higher and more significant.
If we examine information security incidents in recent years, we will discover quite a few incidents that could have been easily avoided through education and advocacy.
Bringing employees to know the issue of information security in the organization allows for significantly reducing information security incidents, safeguarding the organization’s assets and its business interests.
The Goal
- Helping employees understand the importance of secure work.
- Making systems and processes as simple and user-friendly as possible.
- Using different organizational departments (marketing, human resources, etc.) in order to implement secure behavior.
- Avoiding giving rigid and conclusive instructions; Instead – a presentation of secure work habits.
- Creating motivation among employees to protect the company and providing tools that will allow them to make the necessary decisions.
- Giving positive rewards to employees who conduct themselves in a secure manner, and on the other hand, punishing those who deviate from this.
Operation
Use of automated training tools that allow training and examination of a variety of topics such as:
- Checking user awareness, training users and alerting them to threats.
- Performing Phishing simulations on the organization’s users, pre-exam and data check after training.
- Guidance and training on choosing passwords, using personal and organizational information and separating them.