Information security standard
ISO 27001
Employee awareness of information security
According to studies, 90% of cyber attacks are focused on the human factor. It is much simpler for an attacker to rely on an employee opening an innocent-looking link that turns out to be malicious.
If we examine information security incidents in recent years, we discover quite a few that could easily have been avoided through education and advocacy.
Familiarizing employees with information security in the organization significantly reduces information security incidents and safeguards the organization's assets and business interests.
Employee awareness of information security must be raised on an ongoing basis throughout the year, not as a one-time event: for example, when a new employee joins the organization, or through periodic refresher procedures.
Increasing awareness among employees in the organization:
First, training must be carried out that is adapted to the nature of the organization, the types of threats and the appropriate ways of coping with them (for example, how to work with laptop computers).
How will we raise the level of awareness for the whole company?
A suitable program is built for each company based on a mix of services with varying frequency. The program will be based on the following:
Training
Training is carried out as part of work processes, for example when a new employee joins. Annual training is tailored to types of employees, such as development teams, or given generally at the company level.
Proactive phishing checks
Proactive phishing checks will be carried out from time to time to check the vigilance of the employees.
The tests will be adapted to the nature of the work and the organization, and carried out with varying frequency.
External penetration tests
Penetration tests will be performed as part of a wider commitment and will also include the human element.