September 27, 2022 •The Cyber Montana Team
We know that almost 90% of data breaches are caused by human error*; the human factor is very often the weakest link. Security-aware employees are a primary line of defense in our interconnected world. CyberMontana offers ongoing, focused training in cyber vigilance tailored to both employees & employers to help establish best practices in security awareness and aid Montana organizations in becoming more secure. Professional development in security awareness is one of our statewide efforts.
What Does Security Awareness Mean?
Cybersecurity is about being aware and mindful of different day-to-day, common activities. What understanding do end users have about best practices in cybersecurity and the threats that face us every day? Both as individuals and as employees or organizations.
One interesting practice is to look up your email address and see if it has been a part of any breach. Think about which devices have been used to access that email address and the potential cyber breaches that may have accompanied that one email breach.
What is the cost of training?
CyberMontana is now offering free end-user Security Awareness Training for the months of September, October, and November 2022. We recommend continuing courses and creating a cyber secure environment. If your organization starts training and would like to continue after November 2022, please contact CyberMontana to discuss the cost and make a plan to continue moving forward.
How long are the courses and how many should we complete?
Lessons are interactive, fully online, can be taken at any time, and are 20-30 minutes each in length. We recommend small businesses spend a week on each lesson. For larger businesses, we recommend two weeks per lesson. Currently, six courses are available, with more being developed.
What lessons are available?
Currently, six lessons are available, with more being developed. Topics include:
- Phishing: The lesson defines phishing (a form of fraud in which an attacker masquerades as a reputable entity or person in email or other forms of communication), how to identify it, and what to do if phishing I suspected. Users are given several examples of phishing emails.
- Password Creation: Users are taught the importance of proper passwords and how to construct them. Users are given examples of strong and weak passwords and will then practice constructing stronger, unique passwords.
- Social Media: Users learn best practices to keep themselves safe on social media. Users learn strong security settings and thoughtful consideration of what they share about themselves and their organization.
- Malware and Ransomware: The lesson defines malware (malicious software) and ransomware (type of malware that blocks access to devices and/or data, often until payment). The lesson describes what attacks can look like, prevention methods to implement, and what impacts malware can have on an organization.
- Work From Home: The Lesson focuses on securing the home workspace, work and personal devices, and your network. Users learn the dangers of unknown networks, the importance of securing devices in transit and in public places, and how to handle secure information in public places both on devices and in calls.
- Mobile Device: This lesson covers foundational information to keep data safe when using a mobile device. This includes app permissions, phone calls, and network/Bluetooth connection in public areas. It also includes what it means to share information on your mobile devices and what exact information you are sharing with those applications.
Who should plan for cybersecurity awareness in the workplace?
Both the employer and employee are responsible for security awareness to protect the organization. Both are also responsible for deciding when it is time to learn more about security awareness. CyberMontana works with organizations to set their individual teams up for training. Your organization will designate a point of contact who will work with our point of contact to make sure your team is set up for success. Not all employees have to complete the training. It is important to decide which employees you think would benefit most from learning about cybersecurity.
Lessons can be completed in any order, although we do have a suggested path. There is a pre and post-test for each lesson, with test scores being delivered after each lesson. These reports allow you the opportunity to look at how the training has been beneficial to your organization. We also send reminders out a few days after lessons are sent to employees who have not logged in and started yet.
Does Montana require SAT for employees?
Individual participants completing 5 of the 6 available lessons over the 3-month period will be awarded a digital badge/certificate of completion in Cybersecurity Awareness Training. Additionally, businesses will be validated as Cyber Aware if 75% of employees complete their assigned lessons.
How does your business benefit from Cybersecurity training?
Cybersecurity training is not required in the state of Montana. There are many benefits to having a cyber background. With the right knowledge, there is a decreased exposure to human-triggered cybersecurity threats. There are also cybersecurity liability insurance requirements often met by these pieces of training.
Some organizations look for an employee to have a badge or certificate to accompany their training. Individual participants completing 5 of the 6 available lessons over the 3-month period will be awarded a digital badge/certificate of completion in Cybersecurity Awareness Training. Additionally, businesses will be validated as Cyber Aware if 75% of employees complete their assigned lessons.
Conclusion
Please contact CyberMontana if you would like to take advantage of our free end-user Security Awareness Training or any of our other cyber offerings to upskill or re-skill your existing cyber and IT workforce or build your future workforce pipelines with our existing training cohorts.
*Tessian, 2020. The Psychology of Human Error
