Cyber Readiness Training

[Company Name]

becyberready.com

cyberreadinessinstitute.org

What is Cyber Readiness?

Taking practical steps to prevent cyber attacks by focusing on human behavior related to four core issues and knowing what to do if an incident occurs. The goal is to create a culture of cyber readiness in your organization.

Learning Objectives

  • Meet your Cyber Leader
  • Know the importance of the Core Four in preventing cyber attacks
    • Passwords+
    • Software Updates
    • Phishing
    • Data Storage and Sharing
  • Learn your role, if any, in keeping your business running if there is a cyber incident

Meet your Cyber Leader

INSERT CYBER LEADER CONTACT INFO

As the Cyber Leader, my role is to positively influence human behavior, build awareness and gain your commitment to create a culture of cyber readiness from top to bottom.

Introduction to the Core Four

Our cyber policies focus on four key areas because they are both the cause of most cyber issues and the easiest to prevent.

  1. How employees manage passwords and authentication,
  2. software updates,
  3. phishing awareness training, and
  4. data storage and sharing.

These requirements are meant to apply to all employees and contractors accessing company systems and networks on all devices including computers, phones, and tablets. This applies to company-issued devices and personal devices.

Passwords+

The first line of defense against opportunistic hackers is strong authentication, consisting of long passwords and the use of multi-factor authentication (MFA). Enabling strong authentication takes just a few moments and is a key part of good cyber hygiene. An organizational commitment to using strong authentication practices will ensure only the right people have access to the right systems, resources, and information.

Passwords+ Facts:

    • The use of stolen credentials accounted for 50% of attacks in 2021 (Verizon DBIR)

Here’s a short video that will tell you about the importance of a strong password and the use of multi-factor authentication.

Passwords+ Explainer - YouTube

ORG NAME Passwords+ Policy

Insert your organization's Passwords+ Policy

Software Updates

Most cyber-attacks target systems with known vulnerabilities. Regularly updating your software ensures that the latest security features are working for you.

Software Update Facts:

  • 37% of intrusions in 2021 started with an exploit of a known vulnerability

Here’s a short video that will tell you about the importance of software updates.

Software Updates Explainer - YouTube

ORG NAME Software Update Policy

Insert your organization's Software Updates Policy

Phishing

Phishing uses deceptive messages to gain access to an organization’s network and data. Anyone with an email account or smartphone can put your organization at risk by clicking on links in phishing messages. To decrease the risk of a successful phishing attempt, employees must complete proper awareness training on a regular basis to stay updated on the evolving nature of this threat.

Phishing Stats:

  • Just over one in four employees (26%) said they had fallen for a phishing scam at work in the last 12 months - up very slightly from 25% in 2020. – Tessian Research (2022)
  • Most phishing attacks are sent during the afternoon slump, between 2pm and 6pm, when people are more likely to be tired or distracted. – Tessian Research (2022)

Here’s a short video that will tell you about the importance of making your workforce aware of phishing emails and how to spot them.

Phishing Explainer - YouTube

ORG NAME Phishing Policy

Insert your organization's Phishing policy

Secure Storage & Sharing

USBs and other forms of removable media are a common carrier of viruses and malware. Setting strong policies and guidance for USBs and removable media will help keep data secure and avoid unnecessary attacks. With cloud storage, your organization can store data on the Internet through a provider who manages and operates data storage as a service.

Secure Storage and Sharing Facts:

  • The use of USB removable media increased by 30% last year, and so did the percentage of malware capable of propagating over USB or exploiting USB devices for initial infection — there was an increase from 19% in 2019 to 37% in 2020. – Honeywell (2021)
  • 79% of cyber threats originating from removable media could critically impact operational technology (OT) environments – Honeywell (2021)
  • The average yearly financial loss due to compromised cloud accounts for the organizations represented is $6.2 million. – Ponemon Institute (2021)

Here’s a short video that will tell you about the importance of secure file sharing and some of the common dangers of using USBs and removable media.

Secure Storage & Sharing Explainer - YouTube

ORG NAME Secure Storage & Sharing Policy

Insert your organization's Secure Storage & Sharing policy

Business Continuity Plan

A business continuity plan gives a company the opportunity to plan for its capability to continue delivering products and services within acceptable time frames at predefined capacity during a disruption. Our plan will support strategic objectives, protect our reputation and credibility, and enable you to remain resilient in the face of a cyber attack.

Developing this plan will help us get ahead of the threat. There are three main elements to your incident response:

  • Prepare for a possible future incident;
  • Respond during the incident; and
  • Recover from the incident.

Some questions you will need to ask when developing your plan include:

  • What is my role?
  • Who is impacted? Is it just internal or are my customers at risk?

Why do we need a Business Continuity Plan?

Business Continuity Plan Stats:

  • Companies take 197 days to identify a breach and 69 days to contain one on average. – IBM
  • 77% of respondents indicated they do not have a cybersecurity incident response plan applied consistently across the enterprise. – IBM/Ponemon Institute

Here’s a short video that will tell you about the importance of a business continuity plan.

Business Continuity Plan Explainer - YouTube

Cyber Readiness Quiz

  1. Who is your designated Cyber Leader?
  2. What is our policy on multi-factor authentication?
  3. What do you do if you see a suspicious email in your inbox?

ORG NAME Cyber Leader Contact Information

Insert Cyber Leader Contact Information
