Companies are spending significant resources trying to reduce security risk among employees, including billions each year on training, yet major data breaches continue to make headlines, and human error remains the leading cause of a breach. Where's the disconnect?
One major problem is that companies haven't adapted their security training as quickly as cybercriminals have evolved their attack methods. Cybercriminals increasingly target specific employees based on real-time factors like tenure, department, and location to make their scams more believable. To safeguard against these threats, security training must be as tailored and sophisticated as attack methods.
There are a number of factors and behaviors that affect a particular employee's risk. Here are four of them, and how security training should take them into account.
Department and Job Function
Cybercriminals craft convincing scams by tailoring them based on an employee's department and role. They comb platforms like LinkedIn and company websites to find these details.
Security training should be tailored by job function and provide employees with real-world examples of the scams most likely to target them. For example, the CFO and finance department might be targeted by more business email compromise attacks like wire transfer fraud, and they should be trained on them accordingly.
Human error also differs by department. For example, sales teams often have access to large swaths of personal information. Train these teams to avoid data loss behaviors, such as forwarding documents or attachments to their personal email accounts.
Individualized training allows companies to prioritize training for employees with access to sensitive data, such as customer Social Security numbers and financial information, and fo ..