Recently we got a request from a company. After a minor potential security incident, they required their staff to undergo security training with the aspect of business they were in. This works in 2 ways, first of course it helps that their staff are reiterated about the security policies, the lapse that happened, and common problem areas and their solutions. Additionally it helps help give a tick to declare to their clients and associates that this process has been done.
We accordingly created a custom staff security training program which included the following
- Fact finding: we sat with the team to get more details of the incident, understand the current process.
- Training session with Q&A: Delivered a training session to the clients team to educate on general information security and also cover areas specific to the incident, including a Q&A session in the end.
- Awareness material: Created awareness material, covering the incident, which was shared with the client.
- Preventive controls: Help implement preventative controls to avoid a repeat of this situation.
- Final report: Sent a final report with all the details including the security training presentation, and security awareness materials, and answers to important Q&A.
Humans are still considered the weakest link in security, hence a regular security training is important to help close potential security gaps in your organisation.