Employees are one of the major sources of cyber-security risk for firms. FINRA found that many of the cyber-security attacks that firms identified were successful precisely because employees made mistakes, such as inadvertently downloading malware or responding to a phishing attack. For this reason, cyber-security training is an essential component of any cyber-security program. Even the best technical controls on a firm’s systems can be rapidly undermined by employees who are inattentive to cyber-security risks.
In addition, the NIST Framework identifies training as a critical piece of an organization’s cyber-security infrastructure. NIST recommends that all users (from vendors to senior executives) are informed and trained, and users understand their specific roles and responsibilities. This includes educating those users on the risks associated with the data they may encounter. Training is also a key component in the SANS Top 20. SANS recommends that organizations perform an analysis to determine where the skill gaps and points of risk exposure exist, and develop and deliver training in those areas.
Taking into account best practices from government agencies and our own internal experience, VIG Media has developed training courses for managers and employees alike to ensure they are up to date with today’s latest threats and are able to conduct business in as safe a manner as possible
VIG Media takes training a step further by spot testing your employees to ensure they comply with the best practices presented in training sessions.