20 for 2020: Awareness Training is Number 17…

(…and that should tell you something)

Originally from David’s LinkedIn:

Ch 17 of Tetra Defense’s #20for2020: “Awareness training is number 17…that should tell you something”

After a three-week hiatus, we’re back in the saddle to wrap up our series on the Center for Internet Security’s 20 Controls.

And some might criticize the presence of an adorable dog in the video as a cheap hack to drive viewership. Well, that’s exactly what this is. But if Boone can help spread the word about good cybersecurity practices, then I’ll happily ride his coattails.

Today we’re talking about security awareness training. Of all aspects of a good information security program, this is the one that most non-technical people might be aware of.

But remember, the CIS list is a prioritized list, meaning that there are 16 things that are more important than awareness training. That’s not to downplay its importance, but rather, to remind you that doing a phishing simulation and awareness campaign does not make you a secure company. There’s a lot more to it than that.

There are some great vendors out there, like Infosec and KnowBe4, that offer economical and effective role-based training. So, please, do the awareness training to be more secure. But you’re not secure if you’re only doing awareness training.
