Even small and medium enterprises are generally recommended to provide such training, and organizations that must comply with government regulations or industry standards (e.g., the Gramm–Leach–Bliley Act, the Payment Card Industry Data Security Standard, the Health Insurance Portability and Accountability Act, and the Sarbanes–Oxley Act) are normally required to provide formal ISAT annually to all employees.
Because the threat landscape changes frequently, organizations should continuously review their training programs to ensure they remain relevant to current threats.[3]
Topics covered in ISAT[4] include:
Being Internet security aware means understanding that there are people actively trying to steal the data stored on your organization's computers.
(Attackers often target usernames and passwords, since stolen credentials ultimately give criminals access to bank accounts and other high-value IT assets.)
It is also good practice for organizations to periodically train their customers on the threats they face from malicious actors.
[2] Employees are often the deciding factor in whether an organization is breached; there must be a policy on creating awareness and training them on emerging threats, on the actions to take to safeguard sensitive information, and on how to report any unusual activity observed within the corporate environment.
[10] Research has shown that security awareness training (SAT) has helped reduce cyber-attacks within organizations, especially phishing, as trainees learn to recognize these attacks and gain the confidence to respond appropriately.