SECURITY AWARENESS: THE HUMAN FIREWALL

Security awareness campaign - SEC4YOU sticky notes with security tips - available free of charge

Current security incidents clearly show that technical measures and security guidelines alone are not sufficient to guarantee the security of information and information-processing IT systems. As the weakest link in the chain, the human factor is increasingly coming into focus and is a popular target of attack.

In practice, it is apparent that employees in companies are very often not adequately prepared for this and the human “firewall” fails.

Awareness and training events

In customer-specific SEC4YOU seminars, the necessary elements of successful security awareness campaigns are taught. Based on psychological aspects and the typical challenges, the necessary measures for sensitization, education and regular training are covered. Live demos integrated in the seminar show how to plan a social engineering attack and which tools are typically used for this purpose (phishing emails, USB sticks, etc.).

Our approach to developing security awareness programs is to increase the maturity level of employee security awareness in stages, optimally implemented in the following order:

  1. Security Awareness Sensitization — regarding the potential threats
  2. Security Awareness Education — training in the required courses of action
  3. Security Awareness Training — practical training in examples

Our seminar contents can be booked in modules:

  • Current threat situation (What do we have to protect ourselves from?)
  • Basic concepts of information security
  • Psychological aspects
  • Changes in the world of work (We work always and everywhere)
  • Dangers of mobile devices and data carriers
  • The password and its challenges
  • Internet use as a potential risk
  • Using WLAN securely (VPN)
  • Risks of social media (Facebook, XING, LinkedIn, etc.)
  • Phishing emails
  • Recognizing and fending off social engineering attacks
  • Development and implementation of security awareness campaigns
  • The superior as role model?
  • Sensitization of management
  • Training through eLearning / lectures
  • Flyers and posters as a means of raising awareness
  • Live demo (phishing emails, USB stick (Rubber Ducky), etc.)
  • Measurement of success (KPI)

Standardized and individualized online training

Employees can be sensitized and trained cost-effectively in individually retrievable online training courses on security awareness. These online courses are booked by the company for a defined number of employees and can be taken by employees over any period of time. At the end of a course, questions about the content can document participation in a traceable manner.

Social engineering as an entry point?

In practice, it has been shown that IT audits, specifically social engineering audits, should only be scheduled once preparatory security awareness programs have been offered to employees, since without preparation the target state has not been clearly defined and trained. On this, see also our article Curing Cybercrime Blindness: Regaining Control.

To verify the effectiveness of security awareness, SEC4YOU offers the following social engineering audits:

  • Threat analysis through published information
  • Direct non-physical contact, e.g. through phishing emails and manipulated websites
  • Non-face-to-face contact by laying out data carriers with special software
  • Direct physical contact to obtain sensitive information
  • Training to detect and defend against social engineering attacks

Development of internal security awareness campaigns

Internal campaigns that are accompanied by materials, give-aways and visual measures are suitable for raising awareness. Often these campaigns are implemented with the following tools:

  • Newsletter
  • Posters
  • Sticky notes
  • Comics
  • Intranet banners
  • Display
  • Screensaver design
  • Mouse pads

YOUR ADVANTAGES

  • The best defense method against cybercrime.
  • Gradual increase in maturity level through (1) sensitization, (2) education and (3) training.
  • The security awareness seminars can be booked as on-site seminars or online seminars.
  • Accompanying internal marketing measures are available for the security awareness campaign.

Questions about Security Awareness? Would you like to talk to an expert?