Security Awareness in 2021 - what has changed?

Information Security Awareness Training in 2021: Though many things have changed over the last twelve months, one thing that remains a constant is the importance of maintaining a culture of information security awareness.

With more people than ever working remotely, practice and routines have likely altered a significant degree, increasing the need for organisations to keep employees up-to-date and informed on how to ensure the confidentiality, integrity, and availability of their information.

As much as we may feel protected and safe, the reality is, many forms of information security attacks are actually becoming more common, and more dangerous.

According to recent UK research, almost half of businesses (46%) and a quarter of charities (26%) have reported cyber security breaches or attacks, with 32% of these businesses experiencing these issues at least once a week.

With all these facts in mind, below are Hut Six’s Top 5 Essential Topics for Employees in 2021.

Phishing Attacks

Usernames, passwords, bank logins, credit card details. Answers to security recovery questions. These are all high value targets for cyber criminals, and one of the most common techniques cyber criminals use to steal this information is phishing.

Usually arriving in the form of fraudulent email, phishing attacks may, to the untrained eye, seem relatively innocuous and perhaps more of an annoyance, but according to research, around 91% of all cyber-attacks begin with a phishing email.

As the financial and reputational cost of cyber-attacks and breaches continue to rise, phishing attacks can be significantly mitigated, providing employees are given the right resources and training.

From understanding the basics of phishing identification, to establishing reporting procedures, all the way to simulated phishing attacks, in 2021 organisations need to keep in mind this essential information security awareness training topic for employees.

Encryption

As many with likely already know, encryption is the process by which information is encoded, in a way that it can only be viewed by those in possession of the correct ‘key’. Though the processes involved in modern encryption can involve extremely complex mathematics, the fundamentals of encryption, thankfully, do not require a degree in cryptography.

In 2021, we rely on encryption for many aspects of our everyday life. From our messaging apps (WhatsApp, Signal, Telegram etc.), to browsing the internet (HTTPS), to employees accessing remote files servers, encryption allows all of these actions to be performed securely.

Encryption is not only necessary for securing sensitive information, but also, in some instances a requirement.  If you are working with personal data in your workplace, the UK GDPR requires you to “implement appropriate technical and organisational measures” to ensure it is secure.

Virtual Privacy Networks (VPNs)

A virtual privacy network (VPN) is a tool used for several purposes. Many personal or individual users choose to utilize VPNs primarily to maximise online privacy and anonymity, so that online activities are effectively untraceable.

Corporate VPNs on the other hand are more often used as a way for employees and staff to securely access remote services, such as organisational file servers. Both of these functions are achieved by passing your data through what is usually referred to as an ‘encryption tunnel’.

With remote working becoming increasingly common, for organisations of all kinds, ensuring that information and data remains secure when being access ‘off-site’, and that employees are using these tools correctly, has likely never been more important.

Password Security

With so much of our sensitive and personal information now stored online, the importance of passwords security cannot be overstated. The integrity of all of our systems, networks and accounts rely on passwords being used in a secure manner, as there is little an attacker cannot do once they have access to your passwords.

Beginning with establishing a secure password creation process (such as a combination of four unrelated words), to passwords management techniques, like many information security awareness training topics, the foundations of password security are simple, easy to understand, and essential to implement.

With many users reusing passwords, using easy to ‘crack’ passwords, and improperly storing these passwords, it is vital that employees understand the value of proper password security, making this perhaps the most vital of all information security awareness training topics for employees in 2021.

Social Media and Privacy

With social media in particular, there is an inherent motivation to share information. From the professional platforms, such as LinkedIn, to the more personal platforms like Facebook, Twitter or Instagram, information is what all of these companies thrive on.

Though a certain level of sharing can be relatively harmless, and even fun, ‘over-sharing’ on the other hand can invite in information security problems. Leaving users and businesses open to identity theft, reputational damage, spear phishing attacks and ultimately, significant financial loss.

Depending on your organisation there will be different advice as to what is and is not appropriate for employees to share, though all employees should me made aware of the risks and potential costs involved with publicly displaying sensitive and personal information.