Human beings are one of the weakest links in the security perimeter that organizations try to maintain. Human nature is wired in such a way that people want to be helpful and compliant. Hackers, scammers, and other malicious people attempt to take advantage of this fact to gain access to an organization’s systems or to steal money from the organization.
Security awareness training teaches people about the threat from these malicious people, how they operate, what to look for that might indicate an attack or a scam, and how to respond to the attack or scam.
Hackers, scammers, and other malicious people know about human nature and how to manipulate people into giving them what they want. Security awareness training teaches people how to avoid being used by these people to gain what they want. Every organization should have a program of security awareness training.
Organizations are expected to have a security awareness program that requires all new employees to be trained as part of their onboarding. It is also expected that an annual refresher training will take place.