The Security Innovation Europe Blog

8 Essential Components of an Effective Security Awareness Curriculum

Posted by Marc Dunlop on Nov 29, 2016


A security awareness curriculum is the vital first step in improving your security, helping you to raise organisation-wide awareness of the threats faced by your employees and business on a day-to-day basis.

To ensure each and every one of your employees understands the need for security, we’re looking at the 8 crucial components of an effective security awareness curriculum – helping you to roll out an awareness program that tackles all of the biggest threats faced by your organisation.

1) Malware Awareness

Malicious software (known as malware) is a huge problem for organisations, with growing numbers of employees choosing to install unapproved software onto both work and home networks. To reduce the threat of malware and shadow IT, employees need to be taught how to identify common types of malware.

2) Social Engineering

The techniques of psychological manipulation make social engineering extremely difficult to avoid; and with login details and secure information regularly compromised through unsolicited calls, emails and in-person visits, it can have a huge impact on security. The problem can be mitigated by raising awareness of common social engineering strategies – and teaching employees about the SOCIAL system for security awareness.

3) Password Security

Passwords pose one of the biggest (and perhaps most easily remedied) security problems faced by large organisations. Passwords are used to protect huge numbers of applications and devices, and guard against unauthorised access to sensitive data. Weak, insecure and reused passwords can create massive security issues, so it’s essential to raise awareness of the best practices of password security.

4) Email Security

Emails can be a huge source of potential security vulnerabilities, whether from malicious attachments, phishing for sensitive data, or offering disguised malware. By raising awareness of the common threats posed by email, employees can be taught how to identify, flag and dispose of malicious emails.

5) Physical Security

Whilst many security issues emerge from an organisation’s computer network, serious problems can still occur as a result of physical vulnerabilities. Employees need to be educated about the threat of data theft from mobile devices, unlocked drawers and desks, and even Post-it notes.

6) Mobile Device Security

Smartphones, tablets and laptops have facilitated a growing trend towards mobile working – with personal devices used to access and store sensitive data. In order to protect information from loss and theft, it’s essential for organisations to create and promote a codified Bring Your Own Device policy for remote working.

7) Travel Security

The combined threat of remote working, mobile devices and physical security breaches means that travel security is a greater problem than ever before. Most organisations view security as starting at the front door of their premises; but in reality, the journey to work can be a serious source of security problems, particularly from stolen and lost devices. Employees need to be educated about the risks of remote working, and helped to understand when mobile devices and secure data need to be left at home.

8) Phishing Awareness

Phishing is a variant of social engineering that uses misleading emails and webpages to extract sensitive data. In addition to tightening security on email clients and web browsers, the problem can be reduced by educating employees about the threats and common hallmarks of phishing attacks.

To learn how to improve security awareness in your organisation, download our whitepaper below.
