Woman frustrated because of the hacked computer in front of her.

Awareness

Discover our ultimate guide to awareness.

Find out how to protect your systems, minimize security risks and optimally arm yourself against cyber threats in the digital world

Awareness

Guide to Cyber Security in the Digital Age

Learn what awareness training is all about and how to make it most effective. Our comprehensive topic page provides you with useful tools, resources and expert tips to increase cybersecurity awareness and successfully defend against attacks.

Facts & Figures

face
Younger users
(18-40 years) are 65% more likely to click on phishing emails than older users (41-60 years).
Source: Human Risk Review 2023
warning
15 Millionen
Cyberattacks in Germany due to malware in 2022
Source: Statista
mail
47%
Almost one in two people open phishing emails, 31% of whom click on the malicious content
Source: Human Risk Review 2023
code
69%
of the spam mails were cyber attacks, e.g. fraud mails or phishing mails
Source: BSI

Cybersecurity Awareness – this is what matters in your company

Awareness Infocube
Phishing mails, fraudulent calls and malware threaten the security of companies every day. How can we train employees and raise their awareness of cybersecurity? What measures can companies take immediately for more security? And what can be left out?

IT security experts Gerhard Pölz and Marcus Heinze from ASTRUM IT explain what is important in awareness training and what security risks the home office actually poses.

Please note: The video is in German. Please note that the video is in German. You can activate the English subtitles in the settings.

Expert knowledge in lecture form

Further actions on the topic live and on demand

Would you like to stay informed about the latest findings and trends in the field of "awareness"? Are you looking for a way to expand your expert knowledge? IT security experts share their know-how with you in interactive live formats. Take the opportunity and ask your questions directly. Afterwards, all presentations are available on demand. No matter if you want to watch a specific presentation again or catch up on a missed presentation.

This is what Cybersecurity Awareness comprises

The biggest IT security risk in a company is the human factor. SO and so many attacks could be prevented by raising employee awareness. Depending on the company, training looks different - but certain points should always be included. Here you can read the most important contents of awareness training.
Schloss verbunden mit Schaltkreismuster.

Password guidelines

A strong password policy is a fundamental building block for an organization's security, protecting against many common attack methods such as brute force attacks and password theft. There are a few things to keep in mind: Passwords should be at least 8 characters and consist of a combination of upper and lowercase letters, numbers and special characters. In password policies, companies should state that each account has its own password and that these must be changed regularly. Password managers can help manage complex and unique passwords for multiple accounts.

More on the topic password policy
Computer keyboard with illuminated ‘PHISHING’ key and a fishhook symbol next to it.

Phishing detection

Recognizing and debunking phishing emails is one of the most significant points in security awareness training.It is important that employees are aware of how to respond to requests for personal information or financial transactions. It is also advisable to always check sender addresses to identify suspicious emails that may come from unknown or fake sources. In addition, it is important to be cautious when opening links or attachments from unknown sources. from unknown sources. Instead, employees should carefully check URLs and file names. Using multi-factor authentication or other multi-factor methods can also help minimize the impact of a successful phishing attack and strengthen account protection.

More on the topic Phishing detection
it-sa 365 | Awareness - Social Engineering

Recognizing social engineering

Social engineers cleverly rely on human emotions such as fear, curiosity, and empathy to get employees to disclose confidential information or perform unwanted actions. Therefore, it is of great importance to be alert to possible identity insecurities and verify the authenticity of the requester if there is even the slightest doubt. Additionally, employees should be alert when requests are made with an urgent tone and time pressure, as this is often a tactic ploy by social engineers to increase response speed. Requests for confidential company information must generally be handled with the utmost caution - verification of the sender is mandatory here. Employees should be encouraged to raise concerns. By being mindful and vigilant, employees can help strengthen the company's security against such attacks and minimize potential risks.

More on the topic Social Engineering
Paragraph symbol leaning against blue wall.

Privacy Policy

Data protection guidelines for companies with regard to cybersecurity awareness should contain clear instructions and procedures to protect personal data and company information from unauthorized access. It is important here to make employees aware of which data is particularly critical and must be handled with the utmost care. Data protection guidelines include clear instructions on data collection, processing and storage, as well as the consent of data subjects to data use. They also ensure that appropriate security measures are implemented to protect against unauthorized access and that all applicable data protection regulations are complied with.

More on the topic Privacy Policy
Person with smartphone in hand sits in front of laptop

Two-factor authentication

Two-factor authentication (2FA) is a security method that complements the traditional password authentication method. It uses two different authentication factors to verify a user's identity. Typically, 2FA combines something the user knows (e.g., a password) with something the user owns (e.g., a smartphone) or something that is unique to the user (e.g., biometric characteristics such as fingerprints). Using two different factors increases security because an attacker would have to crack both the password and the additional factor to gain access.

More on the topic Two-factor authentication

Social engineering, phishing & co. - why security awareness has never been more important

IT Security Talks

Phishing attacks on enterprises have become more sophisticated, with increased success rates for tactics such as CEO Fraud/Fake President. The emergence of spear phishing attacks and voice phishing operations demonstrates the growing resources that fraudsters and hackers are deploying, while artificial intelligence is providing new opportunities for threat applications.

In this IT Security Talk with Charline Kappes of SoSafeGmbH, gain insight about these new attack tactics and the psychological factors of social engineering.

This and other recordings are available free of charge to registered users of it-sa 365. Or participate directly live in our community format.

Please note: The video is in German. You can activate the English subtitles in the settings

Good to know - what you should know about awareness

IT awareness means that individuals are aware of and understand the dangers and best practices in dealing with IT and computers. It includes knowledge about risks and security when using information technology and digital resources. IT awareness plays an important role in making users aware of potential security risks. It helps to improve the security and efficiency of IT use in companies and organizations.
Security awareness is the general awareness of cyber security in the digital space. It is about users understanding the potential security risks and threats that can occur when dealing with computer systems, networks, software and digital data. Security awareness trains users in best security practices to minimize human error and increase security awareness, for example, in organizations.
Security awareness is important to make users aware of the potential security risks and threats in the digital world. Training in security best practices can reduce human error and improve the overall security posture of businesses and organizations.
Data privacy awareness means that individuals are aware of the importance of data privacy and the responsible handling of personal data. It includes knowledge of data protection regulations, the need to protect data, and compliance with relevant policies and regulations.
An awareness concept is a strategic plan that aims to increase people's awareness and understanding of a specific topic, such as security, privacy, or cybersecurity. It includes training, campaigns and actions to influence the knowledge and behavior of the target audience and create a higher level of security awareness.
The effectiveness of security awareness training can be measured by comparing the rate of phishing attacks before and after the training and monitoring the number of reported security incidents and employee misconduct. In addition, employee knowledge surveys and tests can be administered after training to assess learning.
Phishing

Phishing is a form of cyberattack in which fraudsters use fake emails, websites or messages to trick unsuspecting users into revealing sensitive information such as usernames, passwords or financial data. The deception is often done by imitating trusted sources or organizations. As a result, users are tricked into clicking on fraudulent links or using fake login pages. Phishing attacks aim to steal personal identities, misuse financial data or perform other fraudulent activities.

Malware

Malware is harmful software designed to cause harm or steal data on computers or devices. It can spread through downloads or infected email attachments and requires the use of antivirus programs and security measures to protect itself. Malware can come in various forms, such as viruses, Trojans, spyware or ransomware, and often spreads through downloads, email attachments, infected websites or USB devices.

Social engineering

Social engineering is a fraudulent method in which attackers use psychological manipulation techniques to trick people into revealing confidential information, performing inappropriate actions, or granting access to protected systems. These attacks exploit human weaknesses such as curiosity, trustfulness, or fear, and often bypass technical security measures by directly targeting victims' good faith.

You might also be interested in

Round table of four people, networking, Networking

You are not yet a registered user of it-sa 365?

The it-sa 365 platform is available to you as a digital HOME OF IT SECURITY all year round. As a registered participant, you can use the platform free of charge and have the opportunity to network with experts and enter into direct dialogue 365 days a year. You can participate in the IT Security Talks and other events & actions at it-sa 365 free of charge. We will also keep you up to date with news about our digital programme and the it-sa Expo&Congress on site in Nuremberg.

We look forward to you joining the it-sa 365 community!

More topics

Cloud SecurityHacking & DefenceOT Security