Share this
Cybersecurity Awareness Month: The Importance of Internal Training and Testing
by Josh Lamb on Oct 21, 2021 12:00:00 AM
October is Cybersecurity Awareness Month. It's not just a time to talk about why cybersecurity is important with your staff. It’s a time to train and test your staff on cybersecurity concepts. At DNSFilter, that’s something that we’re always striving to do.
As a cybersecurity company that categorizes and blocks malicious websites, it’s important to us that our staff are adept at identifying suspicious and malicious activity. We want them to question things with a zero-trust attitude, even when the possible threats seem to be coming from inside our network.
There are a few ways we promote cybersecurity awareness internally:
- A cybersecurity policy—this is something every employee needs to read and sign. It details how we handle passwords, how we expect employees to treat our cybersecurity requirements, and how to report suspicious activity.
- A dedicated team to handle reports of suspicious activity—and everyone knows who is on that team, too! We even have a dedicated Slack channel for it.
- Testing our employees to help educate them—more on that in a bit.
- Eating our own dogfood—DNSFilter is an important part of our cybersecurity stack.
For this Cybersecurity Awareness Month, we focused on testing our team’s cybersecurity awareness with help from our friends at HacWare. Here’s how we conducted the test and what we learned from it.
Note: We run tests like this every several weeks, and recommend everyone do the same. It’s incredibly important to maintain awareness, especially as teams grow. It’s easy for a new employee in particular, who’s not yet familiar with communication styles and is maybe new to cybersecurity, to fall for these sorts of emails.
Launching a Phishing Test
The campaign we ran with HacWare was to test phishing knowledge in particular. We have a procedure in place at DNSFilter to report possible phishing emails, and running this test enabled us to reinforce this procedure. Newer employees who had less interaction with this policy in the past were reminded of it, and employees who have been around for a while got a nudge of what is expected.
The tests went well, with many employees alerting others in Slack about the possibility of a phishing campaign against us across different Slack channels. Everyone was prompted to report these possible phishing emails in our usual way, meaning across the organization everyone was putting our cybersecurity policy into practice.
This is a valuable reminder that regular conversations around cybersecurity, prompted by actual internal testing, are the best ones to have.
When faced with the possibility of a phishing attempt, how do you want your employees to react? Creating a policy and enforcing it is step 1. Testing that policy to make sure everyone understands it, however, is even more important. If your policy is convoluted or not comprehensive enough, you’ll learn it in testing.
And it’s much better to learn that you need to rework your policy in testing as opposed to in the face of a real spear phishing campaign against your company.
This test didn’t reveal anything major that we need to change about our security policy, but it did validate the continued need for regular testing—especially as the DNSFilter team grows.
Do Your Part. #BeCyberSmart.
Share this
Categories
- Featured (263)
- Protective DNS (21)
- IT (15)
- IndyCar (9)
- Content Filtering (8)
- Cybersecurity Brief (7)
- IT Challenges (7)
- Public Wi-Fi (7)
- AI (6)
- Deep Dive (6)
- Roaming Client (4)
- Team (4)
- Compare (3)
- MSP (3)
- Malware (3)
- Tech (3)
- Anycast (2)
- Events (2)
- Machine Learning (2)
- Phishing (2)
- Ransomware (2)
- Tech Stack (2)
- Secure Web Gateway (1)
The Children's Internet Protection Act (CIPA) is a critical law designed to ensure that students are protected from harmful online content. It requires schools and libraries to implement Internet safety measures, such as filtering and monitoring, to safeguard minors. Compliance with CIPA is essential for institutions seeking E-Rate program discounts for Internet access and internal connections.
Customer experience is the secret sauce that sets successful Managed Service Providers (MSPs) apart from the rest. In a market teeming with competition, you need more than offering the best technology or the lowest prices. It's about how clients feel when they interact with your services. A stellar customer experience can transform a one-time client into a loyal advocate, while a poor one can send them running to your competitors. According to a ...
As demand grows for constant connectivity to the digital world, offering free Wi-Fi has become as essential for restaurants and retail stores as providing quality products and exceptional service. Customers increasingly expect to stay connected wherever they go, and the availability of Wi-Fi in restaurants, shopping malls, and retail outlets significantly influences their choice of where to dine and shop. For businesses, providing in-store Wi-Fi ...