Why is Security Awareness Important?

A free video tutorial from Roy Davis
Information Security Expert, Analytics, and IT Solutions
4.3 instructor rating • 2 courses • 20,384 students

Lecture description

Things can go wrong quicker than you think. This brief lecture will illustrate a real-life example of why this is important. I've personally seen something like this example happen 3 times.

Learn more from the full course

Security Awareness Training, Internet Security for Employees

Basic security awareness guide on Internet security and privacy to help keep you, your home, and your employer safe.

01:00:48 of on-demand video • Updated April 2019

  • Discover the WHY behind security awareness. This will help make things stick!
  • How to build up your resilience to attacks and why this is more important than you currently think.
  • Learn about social engineering, what makes it work, and how to spot the red flags before you get duped.
  • Learn the fast and easy process to spot a fake email.
  • Hear password best practices you can actually follow.
  • How to create security questions that aren't easily guessed.
  • Learn about ransomware, why it's popular, and what you can do to prevent it.
  • How to browse the Internet safely and learn about typosquatting, malicious websites, and more.
  • Discover safe mobile device usage and how to stay safe even while traveling.
  • Determine which data is regulated and how to avoid accidental disclosure (basically data leaking).
  • Why securing your desk or computer is important.
  • Be able to communicate securely and effectively. And how to talk to your IT friends or co-workers.

The best way to cement the idea that this is important is to give you an example of what could happen. Let's say you get a suspicious email, one that you are not expecting. You're intrigued by the subject line and you click on the link just to see what it's about. The link takes you to a web page and there you see that you can upgrade your mail storage and receive an Amazon gift card for testing a new upgrade feature for your mailbox. Awesome. All you need to do is enter your email address and your password on the linked page. What could be easier than that?

So you click on the link and enter your credentials on the page to see if you can get the rewards. And lo and behold, nothing happens. It's almost like the web page is broken. You submit your information once again and again and again and nothing happens. You're like "huh, that is really weird. Oh well, it was worth a shot." And you go about your day. After all, all you did was click on a link and submit a quick logon form.

But within 24 hours the attacker that sent you the email is now using your mailbox to send hundreds, even peaking into the thousands, of spam and other malicious emails to seemingly random people. When you get into work the next day you can't log into your email. The email system automatically disabled your mailbox. You call the help desk and a tech begins to diagnose the problem with you. The tech sees that the mailbox was disabled for security reasons and needs to escalate this to someone on the security team. The security professional makes sure that the threat is neutralized and then assesses the damage.

In the midst of all the chaos, your organization's domain, which is your organization's web site name (also used for your email), is blacklisted on two major security web sites. These blacklists are used by security devices and companies all around the world.

After a manager is briefed, the manager recommends to the CIO that the blacklist removal fees should be paid, and these cost ten thousand dollars apiece for the privilege of removal. After the fees are paid and the outboxes are cleaned, a tech reaches back out to you and helps you change your password. A security team member then schedules a one-hour security awareness training session with you. It's scheduled for an hour but it usually takes maybe 15 minutes. It's just a quick run over. And this whole process takes three days to sort out.

Between the three people involved at the minimum and the blacklist fees, we're looking at roughly twenty-seven thousand dollars for this low-key incident. Not including other potential time lost, like other organizations blocking or throttling your organization. Nearly thirty thousand dollars and many man hours spent, all from a 20-second follow-through on an email link.

Now I would be remiss if I told you that this happened every time an email link is clicked. The truth is this won't happen every time. However, this is a very low-key, conservative example, the likes of which I've unfortunately seen many times. The goal here isn't to shock you with bombastic claims and scare tactics. The goal is to give you a behind-the-scenes glimpse of why this is important and how costly it is to not be in the know.