Security Awareness in 2021 - what has changed?

Information Security Awareness Training in 2021: Though many things have changed over the last twelve months, one thing that remains a constant is the importance of maintaining a culture of information security awareness.

With more people than ever working remotely, practices and routines have likely altered to a significant degree, increasing the need for organisations to keep employees up-to-date and informed on how to ensure the confidentiality, integrity, and availability of their information.

As much as we may feel protected and safe, the reality is that many forms of information security attacks are becoming more common and more dangerous.

According to recent UK research, almost half of businesses (46%) and a quarter of charities (26%) have reported cyber security breaches or attacks, with 32% of these businesses experiencing these issues at least once a week.

With all these facts in mind, below are Hut Six’s Top 5 Essential Topics for Employees in 2021.

Phishing Attacks

Usernames, passwords, bank logins, credit card details. Answers to security recovery questions. These are all high-value targets for cyber criminals, and one of the most common techniques cyber criminals use to steal this information is phishing.

Usually arriving in the form of a fraudulent email, phishing attacks may, to the untrained eye, seem relatively innocuous and perhaps more of an annoyance, but according to research, around 91% of all cyber-attacks begin with a phishing email.

As the financial and reputational cost of cyber-attacks and breaches continues to rise, phishing attacks can be significantly mitigated, provided employees are given the right resources and training.

From understanding the basics of phishing identification, to establishing reporting procedures, all the way to simulated phishing attacks, in 2021 organisations need to keep in mind this essential information security awareness training topic for employees.

Encryption

As many will likely already know, encryption is the process by which information is encoded in such a way that it can only be viewed by those in possession of the correct ‘key’. Though the processes involved in modern encryption can involve extremely complex mathematics, the fundamentals of encryption, thankfully, do not require a degree in cryptography.

In 2021, we rely on encryption for many aspects of our everyday life. From our messaging apps (WhatsApp, Signal, Telegram etc.), to browsing the internet (HTTPS), to employees accessing remote file servers, encryption allows all of these actions to be performed securely.

Encryption is not only necessary for securing sensitive information but is also, in some instances, a requirement. If you are working with personal data in your workplace, the UK GDPR requires you to “implement appropriate technical and organisational measures” to ensure it is secure.

Virtual Private Networks (VPNs)

A virtual private network (VPN) is a tool used for several purposes. Many personal or individual users choose to utilise VPNs primarily to maximise online privacy and anonymity, so that online activities are effectively untraceable.

Corporate VPNs, on the other hand, are more often used as a way for employees and staff to securely access remote services, such as organisational file servers. Both of these functions are achieved by passing your data through what is usually referred to as an ‘encryption tunnel’.

With remote working becoming increasingly common for organisations of all kinds, ensuring that information and data remain secure when being accessed ‘off-site’, and that employees are using these tools correctly, has likely never been more important.

Password Security

With so much of our sensitive and personal information now stored online, the importance of password security cannot be overstated. The integrity of all of our systems, networks and accounts relies on passwords being used in a secure manner, as there is little an attacker cannot do once they have access to your passwords.

From establishing a secure password creation process (such as a combination of four unrelated words) to password management techniques, the foundations of password security are, like many information security awareness training topics, simple, easy to understand, and essential to implement.

With many users reusing passwords, using easy to ‘crack’ passwords, and improperly storing these passwords, it is vital that employees understand the value of proper password security, making this perhaps the most vital of all information security awareness training topics for employees in 2021.

Social Media and Privacy

With social media in particular, there is an inherent motivation to share information. From the professional platforms, such as LinkedIn, to the more personal platforms like Facebook, Twitter or Instagram, information is what all of these companies thrive on.

Though a certain level of sharing can be relatively harmless, and even fun, ‘over-sharing’ can invite information security problems, leaving users and businesses open to identity theft, reputational damage, spear phishing attacks and, ultimately, significant financial loss.

Depending on your organisation, there will be different advice as to what is and is not appropriate for employees to share, though all employees should be made aware of the risks and potential costs involved with publicly displaying sensitive and personal information.
