Cybersecurity Education
What one thing determines whether your employees are an asset or a liability? It is training!! If your employees are trained, they are an asset; if they are not trained, they are a liability. Untrained employees are the weakest link in an organization’s cybersecurity.
According to the 2022 Verizon Data Breach Investigations Report (DBIR), 82% of data breaches involved a human element, including social attacks, errors, and misuse. The most common delivery vehicle for these social attacks and errors is email. These emails are the source of malware, ransomware, business email compromise, and network compromise. How are the targets for these social attacks and error emails determined? What is on the other end of these emails? Guess what happens to your business network when your employees are not trained…
How does this work? Hackers are extremely skilled at social engineering, which is defined as the art of building rapport and manipulating individuals to give up confidential information, usually via phone. They are equally adept at what we like to call “Cyber” engineering techniques, defined as the art of assembling information posted on social media into a profile of an individual. Some hackers take it a step further once they have developed the profile and contact the individual to build rapport, either electronically or by phone.
Hackers know there is a tremendous amount of information related to individuals and their employers posted on social media. They select a victim company based on their requirements and begin to mine social media for information related to the target company and its employees. Some employees make it very easy for hackers to build profiles, due to the amount of information they post about themselves online. The profile information could include your company’s email format, for example first initial last name @ company name. This information facilitates the creation of target-specific email. Next, the hacker attaches malware to the email. Finally, the email is sent to your employee and… your network is compromised. All the money your IT Department spent on hardening your network was wasted in this instance, because the offender was invited in.
The solution to this problem is not solely a technical one. Phishing tests are important, but if your employees do not understand what is at stake, they will not take them seriously. That being said, the one thing determining which category your employees fall into is training. If your employees are trained, they are an asset; if they are not trained, they are a liability. Following this same train of thought, untrained employees can be the weakest link in an organization’s cybersecurity.
It is important to note security has two sides, physical and cyber. Some of the basic concepts apply to both, but they become different very quickly. The most requested cyber awareness training programs involve email-based threats, business email compromise, spear phishing, ransomware, and social engineering. (Please see the Risk Mitigation section for information on the Physical Security services we offer.)
Tailored Security Awareness Briefings (Cyber/Physical)
With decades of experience in cybersecurity education and training at all levels, we can design an appropriate program for your employees that is both educational and engaging.
Cybersecurity Education Awareness Training/Briefing
“Bad” guys are extremely adept at “hacking” the human. They prey on human error, which is often unwitting. Arruda Group’s training methodology attempts to change employee behavior and build a security-focused culture, one in which employees understand what is at stake. This training seeks to educate employees on current Cyber Threats such as Spear Phishing, Ransomware, Business E-mail Compromise, Credential Stuffing, and Social Engineering. The solution to this problem is not purely a technical one; employee training is the best return on investment with regard to Cybersecurity spending. This class can be used as is or modified to meet your organization’s annual Cybersecurity training requirement.
Hidden Threat of Social Media Training/Briefing
Social Media fuels Cyber Crime!!! As a society, we live our lives on Social Media, and criminals know this and take full advantage of it. Learn how terrorists, criminals, and spies (“bad guys”) take the seemingly innocuous information your employees post online and use it to compromise your company’s network. Specifically, you will see how these “bad guys” are able to employ “cyber” engineering techniques to transform this information into targeted (infected) emails or attachments that will be opened. In these instances, it does not matter how robust your IT budget is, because the offender has totally bypassed it.
Social Media Vulnerability Assessment (SMVA) Training/Briefing
ARRUDA Group will analyze your organization’s Internet presence, including a sampling of employees’ Social Media, through the lens of a “bad guy.” The purpose is to show how threat actors can use this information to break into your organization. The findings are assimilated into a training session for the organization or a briefing for the C-Suite/Board. This approach has been exceptionally successful in educating employees on the threat associated with social media and email, because the content of the training is relevant to the organization. The cybersecurity education training has resulted in numerous policy changes across the organizations that have been evaluated. The attendee feedback has been extremely positive.
Cybersecurity Education for the C-Suite Training/Briefing
The first order of business in training the C-Suite and the Board of Directors is to explain the job descriptions of the Chief Technology Officer (CTO) and the Chief Information Security Officer (CISO). They are two completely different roles. One is responsible for technology and the other is responsible for information security. Their jobs may overlap in some places, but that is where it ends. The next point to illustrate is that it is no longer a question of if your network will be compromised; it is a question of when you discover the compromise. The purpose of this training class is not to turn the C-Suite into cybersecurity experts, but to educate the C-Suite on the reality of the organization becoming a victim of cyber threats.
Women, Social Media, and Safety Training/Briefing
The Internet is both an AWESOME and SCARY place. It is like any other tool: proper training and usage dictate success.
There are steps women can take to make themselves safer on Social Media. One of the first mistakes individuals of both sexes make is not understanding that www stands for world wide web, not my friends and family. We need to keep our personal life personal. The entire world does not need to know you are having relationship troubles, financial issues, problems with your kids, or issues at work. These incidents are invitations to predators.
Revenue from online dating is second only to pornography on the Internet; it is a $2 billion a year industry. There are 54 million singles in the United States; keep in mind about half of them lie about themselves online. So how can women protect themselves? Keep your personal information to a minimum on all social media sites. You don’t want to provide limited information on a dating site and your whole life story on Facebook. Create an e-mail address and password specifically for online dating sites. This way you can compartmentalize your online dating communication. Pay the website fees with a pre-paid credit card, to keep information about yourself to a minimum and prevent credit card fraud. Do not provide your home address or specific employment information; use generalities to describe yourself. Do not post photographs that identify your home, work, or friends. When you find a good match, perform your own due diligence searches.
Keep an eye out for our book.
Cybersecurity Education – Custom Training
Personal Safety Security-Consciousness Training
We live in a society loaded with distractions. These distractions render us vulnerable to threats. Many individuals are totally oblivious to what is happening right in front of them. How can this be? It is extremely hard to be aware of your surroundings when you are focused on your cellphone with earphones in your ears. This behavior leads to accidents and assaults. I cannot tell you how many times individuals have walked in front of my moving car while engrossed in their phone screens. Fortunately, as a retired FBI Special Agent, I am extremely aware of what is going on around me. I am not trying to get across the street without tripping or walking into a sign; I am cognizant of threats. This class will illustrate why you need to be present to preserve your safety, and provide tactics to keep you safe, especially women and college students.