I often write about security awareness training, but it bears repeating periodically. Cyber security awareness training is required by some standards – the PCI DSS is pretty specific about requiring it. Security awareness training for the general employee population on at least an annual basis is a good idea. More technical training for IT or application developers is also a good idea.
There’s some excellent training available these days. We’ve developed our own program that we offer clients for employee cyber security awareness training. We’ve also partnered with organizations to provide specific technical training/LMS.
Our Incident Response/Forensic Practice provides training – First Responder training.
Having a well trained team of employees, from the receptionist to the IT CIRT team, can only help safeguard against the extremely sophisticated attacks that being frequented by the hacker groups these days. And, of course, include all levels within the organization. Sometimes the least “information security aware” employees are among the highest ranking in the organization.
Sr. Account Executive
Get Ready for PCI DSS v4.0
For PCI recommendations on payment processing with newly remote workers, PCI SSC suggests a review of key areas to protect payment card data. Read Article: Payment Processing in a Remote Working Environment