Security Awareness in 2021 - what has changed?
Information Security Awareness Training in 2021: Though many things have changed over the last twelve months, one thing that remains a constant is the importance of maintaining a culture of information security awareness.
With more people than ever working remotely, practices and routines have likely altered to a significant degree, increasing the need for organisations to keep employees up-to-date and informed on how to ensure the confidentiality, integrity, and availability of their information.
As much as we may feel protected and safe, the reality is that many forms of information security attack are becoming more common, and more dangerous.
According to recent UK research, almost half of businesses (46%) and a quarter of charities (26%) have reported cyber security breaches or attacks, with 32% of these businesses experiencing these issues at least once a week.
With all these facts in mind, below are Hut Six’s Top 5 Essential Topics for Employees in 2021.
Usernames, passwords, bank logins, credit card details. Answers to security recovery questions. These are all high value targets for cyber criminals, and one of the most common techniques cyber criminals use to steal this information is phishing.
Usually arriving in the form of fraudulent email, phishing attacks may, to the untrained eye, seem relatively innocuous and perhaps more of an annoyance, but according to research, around 91% of all cyber-attacks begin with a phishing email.
As the financial and reputational costs of cyber-attacks and breaches continue to rise, phishing attacks can be significantly mitigated, provided employees are given the right resources and training.
From understanding the basics of phishing identification, to establishing reporting procedures, all the way to simulated phishing attacks, in 2021 organisations need to keep in mind this essential information security awareness training topic for employees.
As many will likely already know, encryption is the process by which information is encoded in such a way that it can only be viewed by those in possession of the correct ‘key’. Though the processes involved in modern encryption can involve extremely complex mathematics, the fundamentals of encryption, thankfully, do not require a degree in cryptography.
In 2021, we rely on encryption for many aspects of our everyday life. From our messaging apps (WhatsApp, Signal, Telegram etc.), to browsing the internet (HTTPS), to employees accessing remote file servers, encryption allows all of these actions to be performed securely.
Encryption is not only necessary for securing sensitive information, but also, in some instances a requirement. If you are working with personal data in your workplace, the UK GDPR requires you to “implement appropriate technical and organisational measures” to ensure it is secure.
Virtual Private Networks (VPNs)
A virtual private network (VPN) is a tool used for several purposes. Many personal or individual users choose to use VPNs primarily to maximise online privacy and anonymity, so that online activities are effectively untraceable.
Corporate VPNs on the other hand are more often used as a way for employees and staff to securely access remote services, such as organisational file servers. Both of these functions are achieved by passing your data through what is usually referred to as an ‘encryption tunnel’.
With remote working becoming increasingly common for organisations of all kinds, ensuring that information and data remain secure when being accessed ‘off-site’, and that employees are using these tools correctly, has likely never been more important.
With so much of our sensitive and personal information now stored online, the importance of password security cannot be overstated. The integrity of all of our systems, networks and accounts relies on passwords being used in a secure manner, as there is little an attacker cannot do once they have access to your passwords.
Beginning with establishing a secure password creation process (such as a combination of four unrelated words), through to password management techniques, like many information security awareness training topics, the foundations of password security are simple, easy to understand, and essential to implement.
With many users reusing passwords, using easy to ‘crack’ passwords, and improperly storing these passwords, it is vital that employees understand the value of proper password security, making this perhaps the most vital of all information security awareness training topics for employees in 2021.
Social Media and Privacy
With social media in particular, there is an inherent motivation to share information. From the professional platforms, such as LinkedIn, to the more personal platforms like Facebook, Twitter or Instagram, information is what all of these companies thrive on.
Though a certain level of sharing can be relatively harmless, and even fun, ‘over-sharing’ on the other hand can invite information security problems, leaving users and businesses open to identity theft, reputational damage, spear phishing attacks and ultimately, significant financial loss.
Depending on your organisation there will be different advice as to what is and is not appropriate for employees to share, though all employees should be made aware of the risks and potential costs involved with publicly displaying sensitive and personal information.