A ransomware war isn't something you can win easily. Whether you're working for an SMB or a large enterprise, ANY human failure can let ransomware sneak in via email, remotely from a VDI device, or from an infected USB key or the LAN. Almost 100% of the time, it's the result of a human failure. That's why I think it is quite important to have some kind of Security Awareness Training for your co-workers.
Hackers exploit human errors first when they try to hack the network within your company. Only afterwards do they try to get in via OS/router/access point vulnerabilities that have not been patched yet. Why? Because it's easier for them to send millions of spam e-mails with phishing links and get 10 good “entries” into a PC/laptop/server that is sooner or later connected to your company's LAN/WAN, where they can sit and observe until they get elevated access.
In this post we'll focus on one particular thing you can do: provide Security Awareness Training for your employees, as they are basically the first line of defense. Train them how to deal with phishing, spam, or ransomware. A recent study found that 95% of all cyber security incidents are caused by human error.
I don't have time to train them?
Yes, it can be time consuming to train people, unless it's done remotely and automatically. Some security training is conducted online, where you can consume the content and do real-time tests to see whether you know how to recognize a phishing email.
In fact, you get trained by specialists who provide a wide range of the latest realistic email phishing scenarios to prepare your employees as well as possible for sophisticated spear phishing attacks.
One of the training courses you can find out there is Security Awareness Training from Hornetsecurity. It's tailored to your needs and fully automated.
They follow a program which
Can I monitor the progress of my employees?
Yes, you can. The system gives you access to a dashboard where you can see how many of your employees have completed, started or not yet started the training.
You can see:
- Real time stats
- ESI reporting with history and forecast
- You can configure and customize general training settings to meet your company's needs.
The image below shows the Employee Security Index (ESI) with weekly and monthly progress over time.
There is an Employee Security Index (ESI) which tracks each employee, group and enterprise. The ESI gives you an idea of whether your company as a group is well prepared (or not) to face a phishing attack.
The employees get into situations where they face different levels of difficulty and sophistication of simulated spear phishing attacks.
Those situations are fully automated and controlled.
Hornetsecurity's Spear Phishing Engine uses different kinds of psychological manipulation factors, including publicly available company data and employee-related information, to make the phishing attack look real.
Quote:
Security Awareness Training educates your employees through realistic spear phishing simulation and AI-powered e-training that boosts the awareness for cyber security risks and threats. They effectively learn how to protect themselves and your business.
Training is boring
No, because it also uses a “gamification” approach to motivate them to give their best. Central access to all learning content within the Security Hub gives you the opportunity to start the modules that teach the different aspects of cyber security that are important to know from an employee's perspective.
The modules go from simple phishing to “Bring Your Own Device” (BYOD) and mobile device security aspects. Remote workers, whose number has risen during the pandemic, are one of the “problems” within a company, too. They are targets of attack because they sometimes use their own equipment, where they have their personal emails, which adds an additional phishing attack vector.
Final Words
Security Awareness Training allows your company to be more prepared. When employees are prepared and trained, there is less chance that hackers can get into your LAN or perimeter network to steal or encrypt your data. We are living in dangerous times where all can be lost if you're not prepared, if you don't have a plan.
Companies of all shapes and sizes are dealing with an increase in attempts at social engineering and phishing, tactics that may sometimes seem unsophisticated but can actually lead to large incidents. Education is the key to helping people and organizations better identify these threats and keep themselves protected.
The training is for any employee, individual or group, who wants to better understand the most common cyber risks and what they can do to protect themselves and their organizations.
An effective awareness training program addresses the cybersecurity mistakes that employees may make when using email and the web, and in real life.
Check the details at the Hornetsecurity website here.