Top Barriers to Effective Vulnerability Risk Management
After recent reports revealed that SMBs are finally accepting the fact that cybersecurity measures aren’t just for the enterprise, the latest announcement from Terranova, a security and compliance company based in Quebec, couldn’t come at a better time. The company is now providing cybersecurity training for small to midsize businesses.
Terranova’s security awareness training is aimed at helping SMBs “transform all of their workers into strong links in their overall cybersecurity defenses.” The company realized that cybercriminals are identifying SMBs as easier targets than large enterprises due to their lack of investment in cybersecurity platforms and training.
The company’s Information Security Awareness, or ISA, for SMB program was created with a nod toward its global enterprise training programs, but with an approach that is more tailored to the specific cybersecurity challenges faced by SMB employees who may or may not be familiar with the ways hackers attempt to obtain access to sensitive customer or company data. Topics covered include email fraud, phishing scams, social engineering attacks, mobile security, password strength and customer data privacy. Terranova says the program “meets the information and personal information protection standards and laws in force (PCI-SSS, SOX, etc.).”
It offers two options for the ISA for SMB course, a hosted course accessible through the company’s Learning Management System or the hosted course with the inclusion of communication tools to introduce best practices and reinforce good security behaviors through posters, newsletters and desktop wallpapers through which security messages can be sent to employee computers.
These options are priced to fit the budgets of SMBs and are based on the number of employees in the company on a per year basis.
With data showing that many SMBs have already been victims of cybersecurity attacks to the tune of $20,000 or more in losses, increasing the budget to help educate employees on the types of security attacks that may be attempted and how to prevent giving hackers access seems like a much better way to spend money.
As the company’s website declares, employee education is the best first-line of defense:
“By emphasizing information security, business leaders can persuade their employees to adopt best practices, and ensure that everyone understands their own responsibilities in keeping data secure. The result is a much more useful and reliable level of protection than any technology.”
Kim Mays has been editing and writing about IT since 1999. She currently tackles the topics of small to midsize business technology and introducing new tools for IT. Follow Kim on Google+ or Twitter.
