When you do a penetration test to evaluate the safety of a computer system you will find out its strengths and weaknesses. This helps you to complete a risk assessment and looks great on reports for company executives. But what are you going to do when vulnerabilities are discovered?
Pen testing is a great way to find out where a company stands regarding cyber security. It shows, for instance, what can be done better and what kind of security measures need to be added to make the system more secure. When the penetration testing is done, there are usually three courses of action companies should take:
1) Tech investment
If the virus protection, firewalls or other security technology is lacking, you can recommend investing in better technology.
2) System update
If a system is out of date you can recommend measures to update it.
3) People training
If the system is fine but the penetration test still reveals vulnerabilities, then what? This is where security awareness training comes in and should be recommended.
Pen testing should reveal the human factor
Penetration testing is done by ethical hacking. This means that the company owners or IT specialists ask a veritable white hat hacker to hack their systems and see if they can exploit any security flaws. The hacking is done by various means, one of which is by exploiting the employees.
When systems are well run, virus protection, firewalls and other security technology are up to date, and the system administrators are well versed in all things security related, it’s not the system that poses the risk but the people using it.
No anti-virus software or security update can protect a system when an employee lets a hacker in through the front door.
Therefore, we often state that we humans can be the weakest link when it comes to cyber security. A well-executed penetration test will reveal this risk.
Minimizing the risk
There is a way to turn employees into a human firewall. This is done by implementing security awareness training. When employees are made aware of the risk and taught the right way to use the system, companies will get much better results from their penetration tests. Not only are the results better, the company becomes safer and the risk of a security breach is minimized. This could wind up saving a lot of money.
So how do you train employees?
AwareGO has the solution. It’s simple and elegant and is built on methods used by the advertising business. Employees get sent entertaining awareness “ads” for better cyber security behavior. This helps them remember the risks and to respond correctly in dangerous situations.
From clicking bad links to opening infected attachments and falling for phishing scams, AwareGO helps you keep up the security awareness of your employees.
Start sooner rather than later
Looking at all the measures companies can take to make themselves more cyber secure, it’s easy to see that employee training is the most time consuming. It’s better to start sooner rather than later. AwareGO’s solution saves time by offering micro-learning. No long seminars or lectures that keep people away from their desks.
As more and more people are now forced to work from home, the risk increases considerably, as home networks are not as well protected as company networks. AwareGO has put together a Working from Home course that is now being offered as a free trial. This will help companies and industries that now need to digitize faster than expected to survive global economic challenges.
Offer a solution with the pen testing results
Pen testing companies should absolutely think about offering a more comprehensive solution, looping in the human factor and starting to “upgrade” humans as well as systems. AwareGO has a solution for that as well. We encourage penetration testers to join our Partner Program and offer people training as a part of the penetration testing results.
- Offer security awareness training to your existing customers and create a new revenue stream
- No set up fees. No required revenue targets.
- Dedicated partner team to support sales, marketing initiatives and proof of concepts
It all comes down to the holy trinity of cyber security:
Penetration tests and security awareness training go great together. The pen test reveals the vulnerabilities while security awareness training provides part of the medicine. When giving out the results of a penetration test, make sure you have the right remedies to offer along with it.
To get the best results, all systems must be up to date and strong virus protection must be in place. The same goes for people. They need to be up to date on the latest risks and be empowered to maintain a strong security culture within the company. We can help with that!