Most threats are well known and recur frequently. Every stakeholder, from end users to senior management and the board of directors, needs to know the current top threats against your company and what you are doing to stop them. Some of the threats you face, like social engineering, can only be stopped by educating the people in your company. So the ability to communicate is often the thing that separates a great IT pro from a mediocre one.

Communication is an essential IT skill. But you can’t simply rely on your charming personality because communication happens through a variety of methods: face-to-face conversation, written documentation, emails, online learning modules, newsletters, tests, and simulated phishing.

Every good IT pro needs to be able to clearly and effectively communicate using verbal and written methods. When appropriate, she knows how to create or purchase the needed education and communication vehicles. No matter what technical controls you deploy, every year something will make it past them. So, make sure your stakeholders are prepared. At the very least, the following items should be covered in your education program:

  • The most likely, significant threats and risks against the organization
  • Acceptable use
  • Security policy
  • How to authenticate and what to avoid
  • protection
  • Social engineering
  • How and when to report suspicious security incidents

Looking for some hands-on, practical information security education advice? Check out “Ways to improve security education in the New Year” at CSO Online.
