Are you making the most out of October’s national focus on security? Here are some key facts about social engineering, from the SANS Security Awareness conference in August:
1. In moments of stress, regular people are forced to make security decisions for your organization. They need help to prepare for those situations.
2. All organizations start a security awareness programs on a shoestring budget. Some grow from a part-time or single full-time position to mature organizations with two+ full-time employees, who have tech but mostly communication skills.
3. Small or mid-sized organizations can’t keep up. Most of the organizations present had over 5,000 employees.
4. Using video can get your point across, but don’t feel like awareness content should cost $10,000+, like this one from RBC. https://www.youtube.com/watch?v=sszudlN-PDE
In social engineering, humans are the attack vector, and security technology can’t help much. It’s incumbent on the people in the organization to do their part. Yet they’ve got day jobs and must be engaged. Putting a security awareness program in place is a good first step.
For other ideas to improve security in October and beyond, click here to sign up to get our e-guide, “All the Accountability, Little Authority,” specifically written for CIOs in organizations which lack a CISO.