Phishing is when an email is sent to an employee asking them to click a link to update or enter their password. The employee's password is then sent to the hacker and used to compromise their online accounts. Employees need to understand how to identify a phishing attack and defend against it by not clicking suspicious links.
Employees should understand how to create strong passwords and learn why passwords are so important in protecting their online accounts. They should also understand the risk of password reuse between personal and corporate accounts.
Employees should understand that accessing information is a privilege and that need-to-know access should be practiced at all times. Sharing sensitive data outside of the organization should be taken very seriously, and employees should know your organization's policy for protecting information.
Employees should be aware that ransomware is one of the most popular threats targeting districts across the world. If the ransom is not paid, your computer and all of its data are unrecoverable. The best way to defend against ransomware is to prevent it from happening in the first place.
Employees should be aware of these risks and how quickly plugging one of these devices into a computer system can impact their organization. Employees should also be aware of protecting sensitive information when using removable media.
Employees need to understand when and how to identify a social engineering attack. They need to know to slow down when asked for sensitive information, and be trained not to disclose it, fall out of line, or be manipulated into breaking company procedures.
Employees should be aware of how to identify a suspicious website and why these websites can be a major risk for your organization. They should also understand the importance of keeping browsers up to date and secured.
Employees must be aware of their role in responding to an incident. Your organization should practice responding to mock incidents at least annually and discuss which roles, procedures, and plans are needed to respond to cyber incidents.
Employees should be aware of how to identify a business email compromise (BEC) attack and what characteristics make a request suspicious. They should be trained to follow processes and procedures for authorizing transactions within your organization.
Employees should be aware of best practices to prevent sensitive information from being viewed by unauthorized sources. This would include locking computers when unattended, keeping sensitive files in a locked cabinet when not in use, and being aware of your surroundings when working on sensitive data.
Employees should be aware of safe Wi-Fi practices and understand the concept of using a VPN. Wi-Fi will continue to be a major threat to mobile employees, and they should be trained on how to defend against Wi-Fi threats when working remotely.
Employees should be aware of the concept of multi-factor authentication and why it is useful for them at work and in their personal lives. They should be trained to use multi-factor authentication when available and understand how it protects their online accounts.
Employees should have a working knowledge of current privacy regulations, how they are relevant to their position, and what their responsibility is to safeguard students' valuable and sensitive information.