
Cyber Security: Awareness And Training

by Ravi Dhungel
December 14, 2020
in From The Horse's Mouth

The recent banking security breaches in Nepal highlight the gap in technology, processes, and people in managing critical information technology infrastructures. More importantly, there have been gaps in training and awareness of cyber security. All financial institutions and banks should establish multi-year cyber security programs with training and awareness as a critical component of the program. Training and awareness is one of the measures to decrease the security debt and risks of any organisation. Banking and financial institutions should also leverage the value of cyber security training and awareness in supporting their bottom lines.

Humans are major threat actors in cyber security, whether it is an individual clicking a link in a phishing email or someone knowingly leaking information. The compromise of a system often starts with human actions. Research has shown that more than 60 percent of data breaches happening today are the result of insider threats. Hence, training and awareness are critical controls in mitigating cyber risks. To develop effective cyber security training and awareness, the banking and financial sectors need to clearly address certain action items. Some key ones are discussed below.

Assessment of training needs

What kind of cyber security training do organisations need? A training needs assessment is the first step in identifying the requirements of cyber security training. Training varies from basic cybersecurity 101 to advanced training on application and Application Programming Interface (API) security, as well as vendor-specific tools and technologies. The training needs largely depend on employees' roles, company size, industry, and the technology stacks used, among other things. Employees' roles help to identify the cyber security training needs. Further, working with external cyber security assessment firms helps to formalise the requirements and develop multi-year training programmes.

Basic cybersecurity and privacy training for employees

While an organisation's size and the scope of its training depend on many other business aspects, all employees need basic training in cyber security and privacy. Basic training should focus on computer hygiene, data security, roles and responsibilities, physical security, and do's and don'ts. This kind of training should be given during the onboarding of new employees and refreshed yearly or bi-yearly.

Training on privacy and compliance

Regulatory data compliance is important in any industry. Data compliance and privacy teams should adhere to the regulatory requirements of the Nepal Rastra Bank (NRB), Payment Card Industry (PCI), EU General Data Protection Regulation (GDPR), and others as applicable. Failure to comply results in regulatory fines and damages the goodwill of the institution.

Technology-specific training for software engineers, security engineers, and engineering managers

This includes training on vulnerability management, threat modeling, digital forensics, application security, email security, cloud security, and technologies such as security information and event management (SIEM), intrusion detection system (IDS), file integrity monitoring, endpoint security, data loss prevention system, etc.

Phishing and simulation training

This is one of the most popular cyber security trainings in an organisation. Phishing has a large attack surface, and the threat of malware, adware, and ransomware can be largely reduced by this kind of training. Organisations should invest heavily in email security and training so that phishing emails don't reach individual mailboxes, which helps to reduce the attack surface.

Internal processes and policies

Organisations should continuously train and monitor individuals on internal processes and policies covering incident response, acceptable use, employee privacy statements, communications, data classification, etc. This ensures that the confidentiality, integrity, and availability of the system are maintained.

Cybersecurity refreshment training

C-level (chief level) executives need to be well aware of the fundamentals of cyber security and privacy. They must support cyber security governance and cyber security programs, including training and awareness. C-level executives must also understand the competitive advantages and innovation in financial products that come from enabling security and privacy in financial technologies. It is a known fact that most phishing emails are targeted at C-level executives, who should be trained on phishing and work with cyber security teams to mitigate phishing attacks.

Establishing cybersecurity as a shared responsibility

It is the responsibility of management to establish a culture of security as a shared responsibility through training and awareness. A culture of cyber security should establish shared values between different organisational units and accountability across the business units. Cyber security is not merely an IT problem but a complex amalgamation of people, processes, and technologies.

The larger benefits of cyber security training and awareness include shared values between organisational units, auditing and third party compliance, increased predictability and reduced uncertainty of business operations, protection from legal liabilities, accountability and due-diligence, firm foundation for risk management, and security of customer data and privacy.
