


On this insightful episode of Compliance Unfiltered, join the CU Guys as they delve into the essentials of security training and compliance for Q1 2026. Discover the importance of regular security reminders, the role of incident response plans, and how to keep your organization vigilant against evolving threats. With practical tips and real-world examples, this episode is a must-listen for anyone looking to enhance their security posture and compliance strategies. Tune in to stay ahead in the ever-changing landscape of cybersecurity.
Episode Transcript:
So, you know, when it comes to training for, you know, for personnel, for security best practices, you know, there's a there's a number of things that just kind of leap out to folks, right. You've got your security awareness training at hire, you've got annual security awareness, a refresher training, etc. So, you know, in the event that your organization isn't already doing those things, then by all means contact TCT, we can get you in the right direction.
But, you know, these are like the bare minimum, you know, type of a thing, but there's various compliance requirements are going to mean, you know, there's, you know, various other things, you know, that that should be done surrounding your, you know, security awareness and training program, not the least of which is security reminders, which is part of the reason why we do this kind of quarterly pod. You know, we've got organizations that will leverage both the, you know, the TCT pod and the TCT blog to use to supplement their security reminder, your kind of stance for their organization. So that's part of the reason why we why we pleased to aim, if you will. Um, but that said, if you can do reminders, you know, more often than quarterly, great, you know, but, uh, you know, you want, you want the personnel maintaining vigilance, you know, all the way throughout the year, et cetera.
But, you know, the, you know, for, for different organizations, they're going to have different types of directed training, um, that need to cover, you know, need, need to cover and or should cover additional, uh, facets that the organization wants to consider. So as an example, and one of the, one of the areas that, you know, oftentimes, uh, that organizations will kind of overlook is the fact that anybody on their team is a target. You know, I mean, everybody's got a LinkedIn, they, you know, say that they're working for the company, you know, et cetera. But because of that, the public association between the personnel and the organization itself, that means everybody, uh, you know, is, is effectively a target, not only, uh, in their day by day work, you know, arena, but also in their personal lives as well. Um, so, you know, everybody in the organization should not only be kind of paying attention to security and compliance related stuff, uh, when it can certainly, when it comes to work related elements, but, you know, just keep in mind that you could be, uh, you could be the subject of a, of kind of an indirect attack at trying to get to the organization.
So keep that in mind. Um, you know, every organization should have incident response, uh, an incident response plan, um, and, uh, you know, some type of a requirement for doing associated testing, uh, testing training, et cetera, you know, each year with your personnel, with certain vendors, et cetera.
And so as part of that training, um, it is recommended to, um, to do a tabletop exercise, uh, to run through various scenarios, et cetera. Um, but one of the big problems is, is that many organizations they'll, they take on this notion that, oh, if I declared an incident, then it's some type of a sign of failure, uh, you know, type of a thing. And so, you know, they don't declare low level incidents. They don't want to, um, you know, they don't exercise their program, you know, throughout, throughout the year.
By Total Compliance Tracking