(Link is at bottom of post).
Every company should have a certifiable online security training, from how to handle documents to different techniques such as phishing, social engineering, etc.
I am an avid certification collector, so long as I don’t have to pay for it (and some I did). The United Nations offers several great courses in cyber security, active shooter response, and security in the field.
The two we’re going to talk about today are the foundational and advanced certificates:
The courses and training do have some UN-specific elements, such as reference documents within the UN pertaining to retention periods, classification and destruction of data, and UN or military-related scenarios.
I found it trivial to relate the work being done in the scenarios to my day-to-day tasks, and I find most people will not struggle with the material. There’s nothing against taking notes, but I did not need to at any point.
The foundational course is a prerequisite to the advanced course, and then there is a third one (that I have not completed) that deals with additional training.
The training reinforces best security practices:
- Verifying encryption is being used (VPN or HTTPS)
- Prioritizing cell-phone based hotspots instead of public wireless if possible, or falling back to encryption.
- Scenarios demonstrating who you should share your password with and how they are social engineered from people (yes, even your manager should not have your password).
- Password complexity rules, and entropy (how adding characters adds time to crack a password).
- How to spot phishing sites (paypal.example.org, etc).
- Navigating away from browser-based virus popups instead of installing the software.
- Always reporting errors and security issues to the IT staff.
Obviously, there’s a lot covered, as you will see. The course is offered free to everybody, so I cannot see why this would not be a good solution for small companies that cannot afford proctored exams or the development of training material.
Has anybody else found great employee-level solutions for security training? I’d love to hear about it!
Here’s the link! United Nations Information Security Portal