Cybersecurity has always been a difficult subject for IT professionals and business managers alike, and it has grown increasingly complex with the advent of modern social engineering schemes. But it doesn’t have to be, particularly with respect to security awareness—the human aspect of cybersecurity.
Fortunately, there is a growing set of unique tools from select technology vendors that simplify the task of understanding the risks that an organization’s staff pose to it from a cybersecurity perspective. One such effective tool is an employee security survey, which can be conducted when an employee is onboarded and annually thereafter.
Performing a security awareness assessment is a critical first step in evaluating employees, since, if professionally trained, they will hopefully become your main line of defense against phishing, ransomware, and other social engineering attacks. It is therefore vitally important to identify those employees lacking a proper security posture and, ideally, to get them into training immediately, before they have any access to the organization’s computing environment.
Equally important, once evaluated, all employees should be continuously trained throughout the year to identify potential threats such as phishing and the risks of downloading attachments and clicking on links in email and web browser apps. But that is a subject for later discussion. The important thing to remember is that the cyberthreat landscape is constantly changing, hence the need for continuous training or, at a minimum, comprehensive annual training.
In summary, since the dawn of cybersecurity or computing, humans have been considered the weakest link in the security chain due to their susceptibility to errors, trickery, and deceit. This negative view from the past is now giving way to a more positive outlook on the human layer of security. Individuals can be seen as a first line of defense, or human firewall, against malicious social engineering attacks if rigorously evaluated and trained in security awareness.