“There’s only one way to defend America from these cyber threats and that is through government and industry working together, sharing appropriate information as true partners.” (Barack Obama) Any facility or business that handles data, whether it’s internal or external data, requires security and assurance that the information is handled safely. Putting myself in the shoes of an information security manager, I would facilitate a cyber security awareness program for employees within my work environment in the month of October, which is cyber security awareness month.
I would break down the month into 3 main phases for education. The first phase would be “Awareness”. I would enact this by utilizing GoPhish, an open-source framework that allows cyber security teams to test an organization’s exposure to phishing scams and see who is most likely to fall for them. On October 1st, using GoPhish, I would send a company-wide test phishing email to see who would fall prey to the scam.
The message would claim that the recipient has lost money due to a tax oversight and that, by clicking a certain link and giving out their information, they would receive the money back. I would use a non-official email as a clue, and the logo would be distorted in some way. Once the user clicks the link, some sort of face pops up and says “you’ve been phished”. The likelihood that individuals open phishing scam emails is 31%, and the probability that they click the link is 8%. I believe this exercise is necessary to show employees how susceptible they are to being phished and losing critical personal information.
The 2nd phase would be multiple cyber security awareness training classes in a single week. Classes would be held at different times and on different days to fit workers’ schedules; I would make the classes incentive-worthy as well so that employees would attend. These classes would teach the average employee password protection practices, copier/printer security, email security, and overall safeguarding of data. They would also cover critical knowledge on automating backups and built-in redundancy. Cloud backups are becoming increasingly popular. Sharing data to the cloud automatically replicates, backs up, and stores the information.
Another way to safeguard data is to scan computers for spyware regularly; some programs may contain spyware or adware that hinders performance. Professionals need to be educated on the use and maintenance of antivirus software and firewall protection. This workshop encourages cyber security knowledge as a way of the workplace; making it a norm is the first step to infallible security.
The 3rd and final phase, which would end the month on a high note, would be to invite a cyber security advisor directly from the Department of Homeland Security. I would suggest that the best type of advisor is an individual who is CISSP certified, for the highest tier of cyber security professionalism. The event, hosted by the cyber security advisor, would be a presentation on how the government protects its secrets and how critical information security is to our country.
This final event should give all employees a fine perspective on the importance of critical infrastructure and cyber security awareness. Inevitably, these practices will extend to the employees’ everyday lives, as they use their awareness not only within the workplace but also at home. Common civilians are being hacked every day, whether it’s their social media, credit cards, or even identity; utilizing the same training learned in the workplace can save someone from data theft.
A huge takeaway from all the aspects of the cyber security awareness month would be the understanding that every single person who has personal information is at risk of being hacked. Even physical hardware is a risk; for example, a hard drive with a TB of data left lying around could be taken by anyone. Information security extends to all platforms; to fight against threats we must first know our weaknesses and fortify our defenses.