The link above is a fascinating article about Tesla and attempts by foreign actors to exploit its sensitive data (trade secrets) and hold it for ransom. Take a moment and read it…
This article is a great example of why Security Awareness and Training is an essential aspect of any company’s continued success. Over six weeks the suspected hackers targeted and cultivated a relationship with a Tesla employee and revealed their plan to the employee. They planned to utilize a denial-of-service attack so that the employee could then introduce the data-stealing malware via a thumb drive or in an email attachment. Luckily for Tesla, the employee immediately contacted the FBI. If the hacker had been a little more discreet and savvier with his approach, could he have obtained the Tesla employee’s knowing or unknowing support? One can only imagine.
Instead of Tesla, put your organization into the crosshairs. Does your company’s sensitive data make your employees targets of corporate espionage? Are your employees aware of the sensitivity of the data they use? Are they trained on the responsible use of information systems within the organization? Does your company allow employees to use thumb drives? Do your employees know what to do or who to contact in the event of a potential cybersecurity incident?
Every organization should develop, document, implement, and disseminate a security awareness and training policy. This policy should institute an informative training plan for any employee utilizing your organization’s information systems. This training should be completed before a person is given access to any information system and repeated at least annually. General User and Privileged User training are necessary to hold employees accountable to company standards, and completion should be recorded for each year the employee is with your organization.
Training should be interactive and communicate to the end user the organization’s expectations for the responsible usage of:
- Social media
- Bandwidth usage
- Authorized websites and platforms
- Media usage on company Information Systems
- Handling of company proprietary, sensitive data or personally identifiable information
- Public relations information and more
Should your organization need support developing, documenting, implementing, or assessing the effectiveness of your Information System Security Awareness and Training program, contact us! We are here to help!