
SECURITY AWARENESS

DSA 102
LESSON 1
INTRODUCTION TO SECURITY
AWARENESS
Prepared by:
Prof. Rey-an V. Baricanosa, MSIT
Lesson Objectives

At the end of this lesson, you will be able to:

1. Understand the importance of security awareness

2. Understand security awareness practices

3. Know the vital role of security awareness in every organization


SECURITY AWARENESS

Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization.

We live in a digital world, where an increasing amount of our day-to-day activities have migrated online. We work, communicate, conduct commerce, and interact online, and our reliance on cyber security has increased accordingly.

Cyber-criminals can effortlessly wreak havoc on our lives and businesses. Our increased use of the internet and mobile usage gives them even more opportunities to exploit our vulnerabilities. In the commercial sector alone, a successful cyber-attack can bring a company to its knees, causing damage that, in some cases, cannot be recovered.

The cost of cyber-crime averaged $11.7 million in 2017 and $13 million in 2018, a rise of 12 percent, and an increase of 72 percent over the past five years, according to Accenture’s Ninth Annual Cost of Cybercrime Study.

Fortunately, there are processes an organization can initiate to help mitigate the effects of cyber-crime, beginning with the essential first step of raising cyber security awareness.
What Is Cyber Security Awareness?

Human beings are still the weakest link in any organization’s digital security system. People make mistakes, forget things, or fall for fraudulent practices. That’s where cyber security awareness comes in. This involves the process of educating employees on the different cyber security risks and threats out there, as well as potential weak spots. Employees must learn the best practices and procedures for keeping networks and data secure and the consequences of not doing so. These consequences may include losing one’s job, criminal penalties, or even irreparable harm to the company.

By making employees aware of the scope of the threats and what’s at stake if security fails, cyber security specialists can shore up this potential vulnerability.
What Are the Benefits of Cyber Security Awareness Training?
First and foremost, a staff well-trained in cyber security poses less of a
risk to the overall security of an organization’s digital network.

Fewer risks mean fewer financial losses due to cyber-crime. Therefore, a company that allocates funds for cyber security awareness training for employees should experience a return on that investment. Furthermore, if all employees get training in cyber security practices, there will be less likelihood of lapses in protection should someone leave the company. In other words, you’ll reduce the chances that a security breach occurs because a critical employee wasn’t at work that day.

Finally, a company with security-aware personnel will have a better reputation with consumers, since most are reluctant to do business with an untrustworthy organization. A business that is repeatedly subject to security breaches will lose customers as a result of negative publicity, regardless of the actual impact of any particular breach.

To create this enhanced level of security, people need to be informed of best practices.
What Are Security Awareness Best Practices?

If you read enough business-oriented articles, you’ll eventually come across the phrase “best practices.” It’s a nice bit of jargon, but what exactly does it mean? In generic terms, “best practices” is defined as procedures shown by experience and research to produce optimal results. These procedures get accepted as a standard for widespread adoption.
Much of cyber security can be broken down into seven main topics:
1. Data breaches
2. Secure passwords
3. Malware
4. Privacy
5. Safe computing
6. Mobile protection
7. Online scams
The most commonly referenced security awareness best practices include:
• Getting into compliance - Different cities, states, and nations have
different rules and regulations to follow. Everyone must become
aware of these rules because ignorance of the law is not an adequate
defense.
• Including everyone, even managers - It’s all or nothing. Anyone not
participating in the new security measures constitutes a possible
weak link. If everyone isn’t fully engaged, it’s all for nothing. This
particular practice also assumes that all departments (e.g., HR, Legal,
Security) must buy in and help make it a reality.
• Establishing the basics, which include:
 Anti-phishing tactics - Employees need to be suspicious of emails
from unrecognizable sources. Phishing scams use emails to gain
access to systems and wreak havoc. Employees must be educated on
things like suspicious links, attachments, and untrustworthy sources.
 Password security - There’s no excuse for having the word
“password” as your password. They should be at least eight
characters long, with both upper and lower case letters, numbers,
and a minimum of one unique character. Avoid mistakes such as
writing the password on a post-it note and attaching it to your
computer.
 Physical security - This includes everything from physical access to
your company’s IT department to keeping your company-issued
mobile devices and laptops locked and within sight at all times.

 Social engineering - It’s crucial to raise everyone’s awareness of hazards, such as attempts

• Clearly communicating your security awareness program - This practice is especially important for middle and upper management. The higher-ups need to be kept in the loop, apprised of the current progress, and, in rare instances, report if any individual or department isn’t compliant.
• Making the training engaging and even entertaining - Company
meetings and seminars are often dull affairs that everyone does their
best to avoid. Keep people engaged by showing a humorous (yet topical)
video or sharing odd and quirky security-related anecdotes. Just don’t
overdo it.

• Reinforcing important messages with reviews and repetition - People often make the mistake of thinking that if they do something once, they don’t have to do it again. Cyber security is an ongoing thing and should include occasional tests and checks, scheduled at regular intervals throughout the year.
• Creating an environment of reinforcement and motivation - Promote constant vigilance and learning by creating a security culture that runs through every organizational level, down the entire chain of command. While it’s not necessary to continually harp on the subject with employees and end-users, cyber security should be a very relevant, everyday topic.
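The "Password security" basic above states a concrete rule (at least eight characters, upper- and lower-case letters, numbers, one special character, and never the word "password"). The following Python check is an added example written for this lesson, not code from the slides or their author: it implements exactly that rule and goes one step further by normalising common letter-for-symbol substitutions before looking for weak words, so that variants such as "P@ssw0rd1!" are also rejected. The weak-word list and the substitution table are assumptions chosen for illustration.

```python
import re

# Policy values taken from the slide's "Password security" rule.
MIN_LENGTH = 8

# Hypothetical blocklist of well-known weak words (assumption, not from the slide).
WEAK_WORDS = {"password", "letmein", "qwerty", "welcome"}

# Assumed table of common symbol/digit substitutions, used so that
# "P@ssw0rd" is recognised as the word "password" (assumption, not from the slide).
LEET_MAP = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s",
                          "1": "i", "!": "i", "3": "e"})


def normalize(candidate: str) -> str:
    """Lower-case the candidate and undo common substitutions for weak-word matching."""
    return candidate.lower().translate(LEET_MAP)


def check_password_policy(candidate: str) -> list[str]:
    """Return every policy violation found; an empty list means the password passes."""
    problems: list[str] = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", candidate):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", candidate):
        problems.append("no lower-case letter")
    if not re.search(r"[0-9]", candidate):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no special character")
    normalized = normalize(candidate)
    if any(weak in normalized for weak in WEAK_WORDS):
        problems.append("contains a well-known weak word")
    return problems


def passes_policy(candidate: str) -> bool:
    """True when the candidate satisfies every rule in the slide's policy."""
    return not check_password_policy(candidate)


if __name__ == "__main__":
    # Constructed sample inputs for a quick demonstration.
    for sample in ("password", "P@ssw0rd1!", "Ab1!", "Tr0ub4dor&3"):
        verdict = "OK" if passes_policy(sample) else "REJECTED"
        print(f"{sample!r}: {verdict} {check_password_policy(sample)}")
```

The check reports every violation at once rather than stopping at the first, which is what a user-facing form or an awareness-training quiz needs in order to explain why a choice was turned down.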
