If you want to ensure that your organisation handles its data securely, you should take steps to promote security awareness to all your employees.
ISO 27001 annex control A.7.2.2 requires regular security awareness training for all employees and contractors within compliant organisations.
We should note that even if the standard didn’t require promoting security awareness, we would still strongly recommend it.
According to ISO 27001:2013 annex A.7, security awareness should be promoted within an organisation by means of regular education and training.
At Inverifi and its sister companies, each new employee receives security awareness training when they join.
The entire company is also required to attend a company-wide security awareness training session, every year.
Since we want our security awareness training sessions to be taken seriously, we try to make them engaging.
A few years ago, in one of our sessions, the company was shown a video demonstrating social engineering. The linked video contains a swear word.
Organisations may use other methods of promoting security awareness among employees.
At Inverifi and its sister companies, we bring attention to security blind spots as we see them, by actually exploiting those blind spots. We call this dishing.
We believe dishing is an excellent way of promoting security awareness.
Each time someone gets dished, not only does the victim receive a harsh reminder of the importance of operational security; the perpetrator themselves is made aware of just how easy it can be to steal sensitive information.
If an employee gets dished too many times within a short period, they are required to attend an individual security awareness training session.
Promoting security awareness is essential for any organisation that wants to keep its data secure. This is especially true for organisations that handle customer data.
As you now know, in addition to regular security awareness training, we have our own ways of actively promoting security awareness within our company.
Perhaps your organisation also has creative ways of promoting security awareness. If so, we’d love to hear about this on our socials, linked in the page footer.
Streamlining compliance – introducing Inverifi’s new compliance standard templates Introducing Inverifi’s Annex control functionality We’re happy to announce that compliance standards are now live in
ISO 27001 Controls: Developing Secure Apps The importance of privacy and security When you’re developing an application, it is important to consider how it handles
Introducing Diagrams A new way to visualise and connect your organisation’s process flows We are thrilled to announce the release of Diagrams, a brand new
©Copyright Inverifi 2023, All rights reserved. Registered in England, No: 06959535, , +44 20 4574 9908
