Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

Back to Normal? Remember Cybersecurity Awareness Training!

Many offices are opening their doors and welcoming employees back to the workplace for the first time since the COVID-19 pandemic started. The transition from home to the office will likely be as difficult as the transition from the workplace to a work-from-home environment a year ago. Old routines may have to be relearned, and new rules accommodated, especially regarding safety and security. A refresher course in cybersecurity will be a great way to help employees get back in the swing, and recall security best practices they may have forgotten.

Prevent Cyber Threat Actors from Taking Advantage

Cyber threat actors are always on the lookout for weaknesses to exploit. A year ago, the transition to a remote working environment was the big concern. Now, the return to "normal" could be even more risky, as people regain access to secure areas and shared working spaces. Cyber-attackers will look for ways to take advantage of people's return to the workplace; this could include tricking returning employees into revealing passwords, and other security no-nos.

According to the 2021 Verizon Data Breach Investigations Report, 85% of breaches involved a human element. These were primarily phishing (social engineering) and the use of stolen credentials (hacking). Cybersecurity awareness training will help keep people from making the kind of careless mistakes that could put organizations at risk.

Security Awareness and Skills Training in the CIS Controls

Ongoing security awareness training is an important component of the cybersecurity best practices known as the CIS Controls. The CIS Controls offer prioritized and prescriptive actions that protect organizations from known cyber-attack vectors.

The recently released CIS Controls v8 includes one Control devoted specifically to security awareness and skills training (CIS Control 14). It recommends that organizations: "Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise."

A gap analysis of the cybersecurity skills and behaviors employees lack will be an important first step. With this information, organizations can build a baseline education roadmap to train employees. A top priority is the ability to identify social engineering attacks such as phishing, phone scams, and impersonation calls.

Discounted SANS Training Available to SLTTs

Some of the best cybersecurity awareness training online is available through the SANS Institute, a trusted source for cybersecurity certification and research. The Center for Internet Security (CIS) is proud to collaborate with the SANS Institute to provide this training to U.S. State, Local, Tribal, and Territorial (SLTT) government entities. Now through July 31, 2021, eligible SLTTs can receive more than 50% off comprehensive security awareness training programs!


2021 SLED budget graph

Source: © SANS Institute, SANS 2021 Security Awareness Report

SLTTs usually have a much smaller budget for security training than other organizations. This is one of the main reasons why CIS and SANS partner together to offer security training programs at an affordable cost, ensuring that critical government organizations can improve their security posture and enhance their cybersecurity readiness to better protect their staff, their citizens, and the nation.

SLTTs can access SANS's trusted and effective cybersecurity awareness training program, SANS Security Awareness, with competitive group purchasing discounts. Developed by highly experienced cybersecurity instructors and experts, SANS Security Awareness offers a customizable mix of end user training content to address relevant threats, teach security concepts that are critical to your workplace, and adhere to the ideologies of your organization’s corporate culture. Demos are also available for all versions of SANS Security Awareness. Employees can take online security training at home, prior to returning to the office, as easily as upon their return.

CIS Controls Training

Control 14 in the recently released CIS Controls v8 is focused on establishing and maintaining a security awareness program. If you're interested in learning more about the latest version of the CIS Controls, auditing your security program against their recommendations, and implementing the best practices in your organization, the updated SEC566: Implementing and Auditing CIS Critical Controls course is available at a significant discount through our partnership program. Dozens of other OnDemand and Live Online courses from SANS are available as well.