Wombat Security Technologies, a provider of cyber security awareness and training, has released a training series to help retailers address privacy laws and data-protection mandates, including the Payment Card Industry data security standards.
Wombat’s new compliance training series uses the company’s established learning techniques to explain data security to employees and emphasize their responsibility to secure sensitive information, a company press release said.
“The key is not just ‘awareness;’ it is behavior change,” Andrew Walls, Gartner vice president of security, risk and privacy, is quoted as saying in the Wombat release. “Interactive security awareness training platforms help compliance managers effectively administer mandated employee education, prove the completion of training in the event of an audit and actually change the way that employees behave.”
Training results in fewer breaches and lower remediation costs, Walls said in the release.
Even small merchants can attract fraudsters, Joe Ferrara, Wombat president and CEO, said in the release.
“Today, every organization is a target for cyber criminals and employees are one of the primary attack vectors yet many businesses lack the expertise and resources to effectively train their people against these growing cyber threats,” Ferrara said.
Wombat’s new compliance training helps compliance managers take a baseline assessment of employee understanding and compliance with critical data security policies, create training that addresses the most risky employees first, provide training on the importance of cardholder data security, outline common causes of data security breaches, and demonstrate how to maintain and enhance internal security control.
The training also teaches how to monitor completion of training assignments, assess employee performance and measure improvement in terms of behavior and awareness, while also generating reports to demonstrate compliance with security requirements and prove the completion of training in the event of a PCI audit.
The training addresses email security, password management, social networking, smartphone/BYOD vulnerabilities, phishing and social engineering. The platform’s reporting capabilities provide aggregate and individual data to guide follow-up training and show changes in results over time.