JULY 26, 2013
Your regular source of security updates from TrendLabs℠

Security for Business

Proactive Security Awareness Programs: Turning Weakness into Strength




Most advanced persistent threat (APT) defense strategies solely focus on data protection, threat intelligence, and comprehensive network monitoring. They often leave employees out of the solution. Since human weakness is still the greatest vulnerability of any given organization, businesses should enforce rigorous security awareness programs.

Regular, Real, and Rigorous Training

A powerful awareness program should make the threat real for every worker. This way, each employee feels responsible for actively defending the business he or she is part of. The program must consist of a series of training sessions that aim to accomplish three things.

First, the training must educate workers about targeted attacks, their effects on businesses, and the common methods attackers use. Why? Because an ISACA study says 67% of its respondents revealed that their awareness training about APTs did not increase.

The training should tackle the basic principles of social engineering, the psychology behind it, and the human emotions it takes advantage of—fear, urgency, and trust. Organizations must also implement policies that will let their employees practice what they learn. They should administer policies that let their employees validate or invalidate the authenticity of anything suspicious like an “urgent business-critical task” email from a source posing as one of the company’s higher-ups.

Second, the awareness campaign must move away from using one-time training manuals. It must implement real-life security drills to train employees on confronting actual social ploys. These drills should provide immediate feedback with brief explanations about mistakes made, along with tips to best face similar situations. When crafting these tests, keep in mind that malicious tactics can change over time. Organizations should then adjust their training to keep up with constantly evolving threats and techniques.

Lastly, the training should make the participants understand what information is safe to reveal to the public and what isn’t. Employees need to be mindful of the possible effects of sharing too much online. They must be familiar with safe ways to share business data.

Transform Your Weakest Link into a Security Asset

The success of business defenses doesn’t only rely on threat intelligence and good network security; it also depends on a well-informed, vigilant, and ethical workforce. Empower your employees by helping them realize the important role they play in mitigating targeted attacks.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com
