Slide 1: Title “Laboratory Exercise: Security Awareness”

Presented by: Rizzi, Clifford Chazz L.

BSIT 611

Slide 2: Title “Importance of Security Awareness

Training”

Slide 3: Did you know?..

Slide 10: According to recent

statistics..

Slide 11:
Slide 12: Headline “Importance of Security Awareness Training”

1. To equip employees with the knowledge they need

As it was mentioned above, the people in a company or in an organization plays a vital role in
security. Employees can access documents and personal data which makes them susceptible for
cyberattacks. If each employee of a company/organization are well-trained and very much
aware of security issues and risks, then we can lessen the possibility of an attack or reduce its
adverse effects.
2. To prevent breaches and attacks
Following the statement above, if the employees are equipped with the knowledge they need
regarding the matter, then Security Awareness Training is important to prevent breaches and
attacks.
3. To make technological defenses more robust
If the employees have the right knowledge on how to address cybersecurity issues/attacks, if the
people of a certain company/organization are well-trained, and if the security awareness
training were effective integrated enough, then we can make technological defenses more than
strong.
4. To give your customers confidence
If a company suffers from multiple cyberattacks and does not have a well-defined solution and
prevention for the matter, the clients and customers would opt out of trusting them. Thus, if the
company/organization provides enough employee training about cybersecurity and implements
solid solutions, then customers and clients are more likely to be confident with them.
5. For compliance
There is an international security standard for information risk management which is to adhere
to ISO/IEC 27001. To comply with that, a company/organization must include IT Security
Awareness Training for their employees.
6. To be socially responsible as a business
What we mean here is that, a company/organization/business holds a huge amount of data
from their clients and customers, and a lot of people trust them to take responsibility of their
personal information, in exchange for the loyalty and trust given by the clients or customers, the
company/organization/business must be responsible for it.
7. To improve employee wellbeing
From the articles that I’ve read, cyber safety is not the only thing that the security awareness
training solves but also it helps with the improvement of employees’ productivity and well-being
at work.

Reflection

Proper training comes as a great armor. It pours knowledge to every individual, helps
them be familiar with possible conflicts that may occur, give them confidence to combat
difficulties on their own, and place an organization to a change for advancement. Truly, our time
now being technologically-advanced comes with a great price we all have to deal with. That is,
our personal data being at stake. Privacy and security becomes a serious problem that we all
have to solve. Cyberattacks does not stop being just ‘cyberattacks’ but as our tech-savvy society
grows, cyberattacks becomes more aggressive. That is the reason why security awareness
training is important in every business sector/company/organization.
In some articles that I’ve read online, security awareness training is defined differently
but still as one. In a blog post at metacompliance.com, security awareness training is defined as
“an education for employees about the Cyber Security landscape. Using a range of learning
methods, security awareness training helps to raise awareness of Cyber Security threats, reduce
the risks associated with cyber attacks and embed a culture of security compliance in your
organisation.” [ CITATION Dee20 \l 13321 ] Meanwhile, John Terra highlighted the importance of
Security Awareness Training by discussing different topics like the definition of cyber security
awareness, the benefits of the training, the best practices for security, how to start the training,
and other things to learn about cyber security. According to him, “cyber-criminals can
effortlessly wreak havoc on our lives and businesses. Our increased use of the internet and
mobile usage gives them even more opportunities to exploit our vulnerabilities. In the
commercial sector alone, a successful cyber-attack can bring a company to its knees, causing
damage that, in some cases, cannot be recovered. Fortunately, there are processes an
organization can initiate to help mitigate the effects of cyber-crime, beginning with the essential
first step of raising cyber security awareness.” [ CITATION Ter21 \l 13321 ] At efrontlearning.com
they provided four items to say how security awareness training would benefit one’s
organization. First, security awareness training improves employees’ digital (security) literacy.
Second, by conducting these training the company complies to ISO/IEC 27001
recommendations. Third, it protects the company’s reputation by preventing one’s information
to be in wrong hands and to convey to your customers that they can be confident in your brand.
Lastly, save time and money by preventing information leaks. [ CITATION zoe20 \l 13321 ]
Additionally, at an article posted by mediapro.com, they suggested topics that should be
covered in security awareness training. These are, phishing, social engineering, safe internet
habits, safe use of social media, mobile computing, insider threats, incident reporting, laws and
regulations governing your business, and data privacy practices. [ CITATION Med21 \l 13321 ]
To sum up, I’ve realised how important it really is for a company/business/organisation
to provide a security awareness training. I learned well from the articles that I’ve read. Truly,
cyberattacks were not going anywhere, they are surely here to stay to wreak havoc with our
online activities. Trainings as such would be a great armor to make our cyber defenses more
robust.