The human factor plays a big role in the vast majority of security breaches.
Bad actors have become masters of social engineering, tricking users into actions that circumvent even the tightest cyber security systems by preying on human error.
Using psychological manipulation, they trick individuals into opening attachments, clicking on malicious links, downloading malware such as ransomware, or divulging passwords and financial login details, as a way of getting a foothold onto company networks.
Security awareness training helps to lower this risk, and prevent the loss of personal information, intellectual property, money or brand reputation.
An effective training program should make employees understand the role they play in helping to fight data breaches, and stop the common cyber security mistakes they may make when e-mailing, surfing the Web, disposing of documents, or using flash drives that might contain sensitive data.
Priscilla Mutembwa, vice president of the US-Africa Cybersecurity Group, will be presenting on ‘Developing an effective security awareness and training programme’ at the ITWeb Security Summit 2021, to be held as a virtual event from 1 to 3 June.
Mutembwa is a business leader, advocating for smallholder farmers and cyber security in Africa. She holds qualifications in computer systems engineering, accounting and cyber security management and policy implementation.
She began her career in information systems development and implementation. Following a period as a management consultant, Mutembwa became a chartered management accountant, and after achieving an MBA, she found her career transitioning into general management. This culminated in her becoming the CEO for Cargill Zimbabwe for seven years before relocating to the US, where she then moved into cyber security. After gaining a Master's in Cybersecurity, she joined the US-Africa Cybersecurity Group, where she was responsible for cyber security policy development and implementation. Currently, she heads up DAMIPA consulting, a risk management consulting firm specialising in cyber security that she founded.
During her presentation, Mutembwa will focus on the extent to which security awareness training is fit for purpose and will discuss whether or not it caters for all employees from different generations and departments.
In addition, she will cover how businesses are adapting their security awareness and training initiatives for work-from-home environments, and will talk about how to create a culture of reporting security incidents based on trust and understanding rather than fear. Finally, she will unpack how to design and implement an effective, ongoing phishing awareness campaign.