1
00:00:00,005 --> 00:00:02,004
- [Instructor] Security education programs

2
00:00:02,004 --> 00:00:04,009
should include a wide variety of topics

3
00:00:04,009 --> 00:00:07,001
related to user habits.

4
00:00:07,001 --> 00:00:11,000
By replacing risky habits with strong security habits,

5
00:00:11,000 --> 00:00:13,004
organizations reduce the likelihood

6
00:00:13,004 --> 00:00:16,003
that user accounts will become compromised.

7
00:00:16,003 --> 00:00:18,001
Let's take a look at some of the habits

8
00:00:18,001 --> 00:00:22,008
that security education programs should address.

9
00:00:22,008 --> 00:00:25,003
Security training should include coverage

10
00:00:25,003 --> 00:00:27,009
of password security practices.

11
00:00:27,009 --> 00:00:31,006
Most organizations already have a password security policy

12
00:00:31,006 --> 00:00:35,005
that enforces requirements such as password complexity

13
00:00:35,005 --> 00:00:37,004
and password expiration.

14
00:00:37,004 --> 00:00:40,004
Security training programs should remind users

15
00:00:40,004 --> 00:00:41,008
of these requirements

16
00:00:41,008 --> 00:00:44,009
and also educate them about the importance of requirements

17
00:00:44,009 --> 00:00:48,000
that can't be enforced with technology.

18
00:00:48,000 --> 00:00:49,002
For example,

19
00:00:49,002 --> 00:00:52,004
users should know that reusing their work password

20
00:00:52,004 --> 00:00:54,003
on websites and other accounts

21
00:00:54,003 --> 00:00:57,004
jeopardizes security because those websites

22
00:00:57,004 --> 00:01:00,007
or other accounts may be compromised.

23
00:01:00,007 --> 00:01:02,007
Organizations should also include

24
00:01:02,007 --> 00:01:04,003
data handling procedures

25
00:01:04,003 --> 00:01:06,007
in their security training programs.

26
00:01:06,007 --> 00:01:09,005
Users must know the proper ways to store,

27
00:01:09,005 --> 00:01:13,000
transmit, and destroy sensitive information.

28
00:01:13,000 --> 00:01:16,003
For example, security training may include coverage

29
00:01:16,003 --> 00:01:19,000
of an organization's clean desk policy

30
00:01:19,000 --> 00:01:21,009
designed to protect sensitive information

31
00:01:21,009 --> 00:01:25,003
from being left out in the open unattended.

32
00:01:25,003 --> 00:01:28,002
Security awareness efforts should also include

33
00:01:28,002 --> 00:01:30,003
physical security controls.

34
00:01:30,003 --> 00:01:33,008
If the organization uses badges or other technology

35
00:01:33,008 --> 00:01:36,002
to control access at doors,

36
00:01:36,002 --> 00:01:38,002
users should understand the importance of

37
00:01:38,002 --> 00:01:41,008
preventing tailgating and requiring each user

38
00:01:41,008 --> 00:01:44,007
to individually swipe his or her badge

39
00:01:44,007 --> 00:01:47,002
to unlock the door.

40
00:01:47,002 --> 00:01:49,004
Users should learn about an organization's

41
00:01:49,004 --> 00:01:50,006
bring your own device

42
00:01:50,006 --> 00:01:55,001
or BYOD policies during the security education program.

43
00:01:55,001 --> 00:01:58,006
If the organization does allow the use of personal devices,

44
00:01:58,006 --> 00:02:01,000
the training program should include coverage of

45
00:02:01,000 --> 00:02:04,002
acceptable use and security requirements.

46
00:02:04,002 --> 00:02:06,006
If the organization doesn't allow the use of

47
00:02:06,006 --> 00:02:09,005
personal devices with organizational data,

48
00:02:09,005 --> 00:02:12,009
the training program should make that clear.

49
00:02:12,009 --> 00:02:15,009
Finally, security education programs

50
00:02:15,009 --> 00:02:17,005
should also include coverage

51
00:02:17,005 --> 00:02:20,006
of the acceptable use of social media

52
00:02:20,006 --> 00:02:22,007
and peer-to-peer networks.

53
00:02:22,007 --> 00:02:25,005
Users should understand their responsibilities

54
00:02:25,005 --> 00:02:29,000
for projecting the proper image on public-facing networks

55
00:02:29,000 --> 00:02:31,006
and the security risks involved with exchanging

56
00:02:31,006 --> 00:02:36,001
links and files with unknown individuals.

57
00:02:36,001 --> 00:02:38,000
That's a lot of material to cover in a

58
00:02:38,000 --> 00:02:39,009
security education program,

59
00:02:39,009 --> 00:02:43,004
but helping users adopt good security habits now

60
00:02:43,004 --> 00:02:47,000
may prevent serious security incidents down the road.