Top 10 Security Awareness Training Topics [Updated 2020] Internet security awareness and information

Top 10 Security Awareness Training Topics [Updated 2020] Internet security awareness and information
Top 10 Security Awareness Training Topics [Updated 2020] Internet security awareness and information

Internet security is everyone's responsibility. Internet security means online entertainment - chatting with your friends, uploading videos you've created or posting songs you've written, getting information on your interests for free, watching the latest trends - any bullying, harassment, scams or your ideas being stolen without your permission. Without, including the theft of your identity.

Internet security is not just about seeing if your computer has the latest anti-virus and firewall software installed. See how you handle yourself online and how you treat other people (especially strangers you've only met online), and don't fall prey to scams due to your lack of knowledge

Why is it important to be safe online?
Most of us are 'connected' through our laptops, mobile phones, tablets and personal computers. The Internet is a valuable resource and a great source of entertainment, making friends and keeping in touch with people and learning a lot. If you use the Internet without safety awareness, you run the risk of being the victim of an illegal activity or being exploited - be it bullying, fraud or any other serious crime. Not everyone we meet but people on the internet are not always what they seem at first glance.

Just as you learned about safety when you leave home, it is important to learn how to stay safe online. This is a skill that will stay with you for a lifetime.

Here are some special rules to follow when you are online
  • Do not provide your personal information such as your address or phone number.
  • Don't send your photographs to anyone, especially vulgar photographs.
  • Don't open emails or attachments from people you don't know.
  • Don't make online friends with people you don't know.
  • Don't plan to meet the person you met only online.
  • If you read something online that worries you, tell your parents or someone you trust about it.
Things to keep in mind

The following are important things to keep in mind when you and your family are surfing the web:
  • Online information is not usually private.
  • It doesn't always have to be what people say online.
  • Anyone can put information online.
  • Not all information you read online is necessarily reliable.
  • Unexpectedly or unintentionally you may find abusive, obscene (including child pornography), violent or racist information when you and your family search the web for information.
What are the risks involved?
  • Damage or theft to the device. Damage or theft of the device affects your productivity, damages information, and carries the risk of being liable under the Data-Security Act.
  • Loss of sensitive information. Many mobile devices contain sensitive and confidential information. For example personal photographs and videos, email messages, text messages and files.
  • Unauthorized network penetration. Because many mobile devices provide a variety of network connectivity options, they can be used to attack a secure corporate system.
  • Truncated or tampered with information. With so many business transactions taking place on a mobile device, there is always the concern that important information may be intercepted or tampered with by tapped phones or microwave transmissions.
How can I avoid this?
  • When choosing a mobile device, consider the security features and make sure that it is enabled.
  • Install and maintain an anti-virus application on your smartphone device.
  • Do not follow the link sent in the suspicious email or text message.
  • Take care of what information you want to store on your device.
  • Take care of what information you want to store on your device.
1. Clean Desk Policy

Sensitive information on a desk such as sticky notes, papers and printouts can easily be taken by thieving hands and seen by prying eyes. According to the mandates of a clean desk policy, the only papers that should be left out are ones relevant to the current project you are working on. All sensitive and confidential information should be removed from the desk at the end of each working day. During lunch or any emergency departure during office time, all critical information should be placed in a locked desk drawer.

2. Bring-Your-Own-Device (BYOD) Policy

BYOD covers the employees’ personal computing possessions which might be used in a work setting. They may include mobile devices, audio players, digital cameras and various other portable electronic devices which could be utilized to steal sensitive data.

BYODs are also a part of “IT consumerization,” whereby a consumer’s hardware and/or software is brought into the organization. Ensuring the security of devices within BYOD is a daunting task. However, enterprises can achieve it by implementing a proactive security training program. This program should include the following best practices for your employees:

  • From a security standpoint, each mobile device is not 100% secure. According to a McAfee Threat Report from Q1 of 2018, though security is the great concern to both Apple and Google — apparent by an investment they have made into resources to safeguard the platform completely from the component level to the app store — plenty more work still needs to be done. Unlocked devices are more vulnerable than locked devices. Organizations should create a list of acceptable and banned devices. The security staff must verify that each BYOD is within the acceptable list; all others should be prohibited
  • In addition to the devices themselves, the allowed applications on them should also be specified. Many freeware mobile applications are insecure. The McAfee report also noted that malware campaigns have been targeting users on the Google Play Store since its inception. Therefore, organizations should provide training to employees about infected and non-infected applications and encourage them to use only those applications that are available on the allowed list
  • All employees should be aware of the fact that their BYODs are being monitored constantly and any malicious activity could alarm the security management
  • The BYOD policy should include password protection to protect critical data in case of theft or damage. In addition, each device should be updated with the latest antivirus program
3. Data Management

There are numerous types of data (such as a backup copy of customer contracts or mission statements) and a lot of employees may not be aware of this fact. These employees do not realize the significance of classified data. For example, from a financial standpoint, a backup copy of a customer contract is more important than a backup copy of a mission statement. Employees should learn about all the types of data so that they can understand their business criticality.

4. Removable Media

It’s more common than you think for employees to find a removable thumb drive or external hard drive in the parking lot, bring it inside and plug it into their computer to see who it belongs to, only to find the device was planted there to either destroy or take over their computer with malware. The secure usage of both personally-owned devices and corporate devices is crucial. Unauthorized removable media may invite data security issues, malware infection, hardware failure, and copyright infringement.

Your corporate personnel must be educated about the menaces of unsolicited removable media and prohibited from accessing any stray media such as an external hard drive, even if it’s on a secured system.

5. Safe Internet Habits

Almost every worker, especially in tech, has access to the Internet. For this reason, the secure usage of the Internet is of paramount importance for companies. Security training programs should incorporate safe Internet habits that prevent attackers from penetrating your corporate network. Below is a list of some safe Internet habits for your employees:

  • Employees must be conversant with phishing attacks and learn not to open malicious attachments or click on suspicious links. This is achieved by a deeper understanding of the warning signs of a phishing attack
  • It’s better to disable pop-up windows, as they invite risks
  • Users should refrain from installing software programs from unknown sources, especially links infected with malware. Nowadays, an overwhelming number of websites offer free Internet security programs that infect your system rather than protecting it
6. Physical Security and Environmental Controls

Security awareness isn’t just about what resides in your company’s computers or handheld devices. Employees should be aware of potential security issues originating in physical aspects of the workplace. This includes spatial awareness as well as physical components.

Examples of spatial issues include:
  • Visitors or new hires watching as employees type in passwords (known as “shoulder surfing”)
  • Letting in visitors claiming to be inspectors, exterminators or other uncommon guests who might be looking to get into the system (called “impersonation”)
  • Leaving passwords on pieces of paper on one’s desk
  • Leaving one’s computer on and not password-protected when leaving work for the night
  • Leaving an office-issued phone or device out in plain sight
Physical security can also encompass physical aspects of the building, from keycard-enabled door locks to locked and secured data banks with regulation fire extinguishers and properly reinforced glass.

But even these seemingly-impregnable defenses have a security awareness component. For example, employees must be wary when entering the building of letting in unknown people hanging out by the door. A technique known as tailgating occurs when an employee uses their keycard and opens the door but is unaware that someone else has snuck in behind them before the door closes. A related breach, called piggybacking, is when the intruder enters with the help of the employee, such as a person who claims to have lost their keycard and asks if you’ll buzz them in, or a visitor carrying a heavy object who asks the employee or front door guard to “get the door” for them.

The maintenance and upkeep of physical security is important not just to the maintenance staff, but also rank-and-file employees. For example, if you notice that a keycard-enabled door is stuck and comes open even without proper authorization or a security camera appears to be damaged or turned off, it’s important to report this information to the appropriate authorities.

7. Social Networking Dangers

Nowadays, enterprises use social networking as a powerful tool to build a brand (either locally or globally) and generate online sales. Unfortunately, social networking also opens the floodgates for phishing attacks that can lead your company towards an immense disaster. For example, Facebook shared its users’ data without their permission to third-party apps developers. News Corp Australia Network reported on May 1, 2018 that it was not just Facebook, either: Twitter also sold users’ data to Cambridge Analytica Ltd (CA), a British political consulting firm that was influencing the U.S. 2016 elections.

To prevent the loss of critical data, the enterprise must have a viable social networking training program that should limit the use of social networking and guide employees with regard to the menace of phishing attacks. In addition, ask your employees not to provide their credentials or login information to unknown sites or sites that are similar to the original one. For example, the user must carefully see the difference between and

8. Email Scams

Email scams involve fraudulent and unsolicited emails that claim to offer a bargain for nothing. A scam email lures a user for the free offer, bogus business opportunity, guaranteed loans or credit, easy money, health and diet schemes and so forth. According to the Federal Trade Commission, scammers were duping numerous soccer fans with phishing emails to entice them with totally fake and “free” trips to the World Cup.

The security training program of your organization has to include some tips for employees to make them aware of the email scams and educate them about avoiding these scams. Below is a list of tips your employees should know or learn:
  • Do not trust unsolicited emails
  • Do not send any funds to people who request them by email, especially not before checking with leadership
  • Always filter spam
  • Configure your email client properly
  • Install antivirus and firewall program and keep them up to date
  • Do not click on unknown links in email messages
  • Beware of email attachments. If you get one from what looks like a friend, contact them independently to ensure that they actually sent it
9. Malware

A training session on malware should illustrate malware types and their implications. Malware types should include adware, spyware, viruses, Trojans, backdoors, rootkits, ransomware, botnets, logic bombs and armored viruses. Employees should learn how to identify malware and what to do if their device or network has been infected. The immediate response should be to turn off the system or device and inform the security management team.

10. Hoaxes

A hoax is defined as a falsehood or deception that is fabricated deliberately to subterfuge and victimize the users. The attackers generally use hoaxes through emails to harm employees.

A hoax email often notifies users about supposed imminent threats. For instance, a hoax might inform you that your computer will be badly compromised if you don’t turn off it at 3 a.m. on Friday the 13th.

A useful training program should teach employees about hoaxes. Instead of trusting a hoax, employees should learn how to respond to them. Only emails that are verified by your security department and relevant to your corporate business should be trusted. In case of any threatening email, immediately alert your IT security department.


Employees play a crucial role in running a successful business. An untrained and negligent workforce can put your enterprise in danger of multiple data breaches. Therefore, organizations must adopt a viable security training program that should encompass the essential guidelines needed to thwart imminent cyber-incidents.

Your organization should also set monthly training meetings, provide frequent reminders, train all new personnel on new policies as they arrive, make training material available and implement creative incentives to reward employees for being proactive in ensuring the security of the organization.

Post a Comment

Previous Post Next Post