What is a Security Awareness and Training Policy?

Many employees aren’t conscious of the dangers that threaten the modern enterprise computing environment. They don’t understand all of the possible threats that may lead to fraud, blackmail, extortion or worse. A good policy for training new employees and retraining existing employees can reduce the dangers dramatically.

Some of the most common topics that any training should cover are:

  • Controlling access by setting accurate passwords and maintaining other multi-factor authentication tools,
  • Recognizing potentially dangerous emails with malware or phishing attacks,
  • Avoiding potentially insecure websites,
  • Maintaining physical security for hardware,
  • Recognizing social engineering attempts,
  • Being aware of malfunctioning hardware or software,
  • Understanding how to report issues to the appropriate staff.

Many businesses have particular needs. Health care offices, for instance, must pay particular attention to protecting the personal information of patients. Chemical plants must be sensitive to any threats to the control systems that maintain safety. The training sessions should emphasize the most important details for a particular industry.