{"id":20842,"date":"2020-04-30T15:19:41","date_gmt":"2020-04-30T19:19:41","guid":{"rendered":"https:\/\/www.sherweb.com\/blog\/?p=20842"},"modified":"2024-06-03T12:15:58","modified_gmt":"2024-06-03T16:15:58","slug":"security-awareness-training-is-no-longer-optional","status":"publish","type":"post","link":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/","title":{"rendered":"Security awareness training is no longer optional"},"content":{"rendered":"<p>If there\u2019s any lesson to be learned from two recent Canadian data breaches it\u2019s that IT security depends on a lot more than just deploying the right technology. It\u2019s long been known that people are one of the weakest links in IT security. And yet I find it shocking how many businesses still learn this the hard way. It doesn\u2019t matter whether you\u2019re a small business or multinational enterprise, cyber security awareness training is no longer optional.<\/p>\n<h2><span lang=\"EN-US\">Damage from data breaches can be crippling<\/span><\/h2>\n<p>The financial and reputational damage done by cybersecurity breaches can paralyze businesses and government agencies alike. Last year, <a href=\"https:\/\/www.npr.org\/2019\/08\/20\/752695554\/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault\">23 Municipalities in the state of Texas were hit simultaneously<\/a> with the Sodinokibi ransomware. The attack occurred through a software used by the municipalities. All it took to paralyze the local governments was a single employee opening a seemingly benign attachment.<\/p>\n<p>And in more recent events, with the COVID-19 crisis, there has been a surge in fake email campaigns to gain malicious access to various systems. One great example of this is a<a href=\"https:\/\/hotforsecurity.bitdefender.com\/blog\/new-trickbot-campaign-uses-fake-emails-from-u-s-department-of-labor-23185.html\" target=\"_blank\" rel=\"noopener noreferrer\"> message from the U.S. Department of Labour<\/a> tricking people into opening a .DOC file with macros in it. Once the user accepts the macros, a file is automatically downloaded to the computer. Other such attacks include <a href=\"https:\/\/www.darkreading.com\/cloud\/fake-microsoft-teams-emails-phish-for-credentials\/d\/d-id\/1337717\">fake emails from Microsoft<\/a> to gain user credentials by sending you to a fake Teams landing page.<\/p>\n<p>These breaches can be avoided.<\/p>\n<h2><span lang=\"EN-US\">Better training can prevent breaches<\/span><\/h2>\n<p>Both of these cases demonstrate how data breaches can be avoided with better cyber security awareness training. That City of Calgary employee didn\u2019t mean to do any harm. But they also were definitely not aware of how much could go wrong moving around large sets of personnel files. That lack of awareness made them careless.<\/p>\n<p>That Desjardin\u2019s employee was a malicious actor however. It was their coworkers who didn\u2019t recognize the risks of bypassing privacy rules. Their assumptions about a coworker\u2019s intentions made them careless.<\/p>\n<p>Neither breach was the result of a technological failure. They resulted from employees not knowing what they needed to pay attention to to ensure data security.<\/p>\n<p>And in my 20 year IT security career I\u2019ve seen this same failure over and over. Here we are at the start of 2020 and social engineering remains one of the easiest way attackers gain access to data.<\/p>\n<p>There\u2019s strong evidence backing what I\u2019ve seen firsthand. <a href=\"https:\/\/www.kaspersky.com\/blog\/understanding-security-of-the-cloud\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Labs found that<\/a> a third of cyberattacks succeed only by exploiting social engineering. The remaining two-thirds involve some degree of technical exploit, but many still employ social engineering in part.<\/p>\n<h2><span lang=\"EN-US\">The answer is to be proactive<\/span><\/h2>\n<p>There\u2019s no silver bullet. Be wary of anyone who claims there is. Because there are so many different threat profiles out there\u2014everything from script kiddies to organized crime, and yes, internal threats\u2014and so many attack vectors available to them on modern networks, enterprise cybersecurity requires a comprehensive approach. This is called Layered security.<\/p>\n<p>Layered security is a methodology that assumes any single layer of protection will inevitably fail. So you design your overall security program to stop or slow threats as they try to reach assets deeper on your network.<\/p>\n<h2>Layers of security<\/h2>\n<p>On the technical side this means integrating security throughout your organization\u2019s IT infrastructure. Including at the network, transmission, application and system levels.<\/p>\n<h3><strong>We need human-level security layer<\/strong><\/h3>\n<p>What I think is lacking is a comparable Layered security approach for social engineering attacks. These attacks don\u2019t just walk in the front door, but when they do, they do so by using a security badge you legitimately provided. Threats that exploit people can attack all levels of an organization. They can go after front desk staff answering the phones and greeting whomever comes in the door. They can try to fool busy executives with access to confidential data and not always enough time to scrutinize every single email, website, or thumb drive they see. And yes, they can even go after IT security professionals who are human after all, and can make mistakes.<\/p>\n<p>Security awareness training needs to come from the top down. It needs to be conducted at all levels, and more importantly <em>be seen<\/em> being conducted at all levels so everyone in the organization knows it\u2019s important. This helps build a culture of security and accountability where policies are respected and everyone works to minimize risks. I call this Trickle Down Security<\/p>\n<p>Some best practices I think every security awareness program should follow are:<\/p>\n<ol>\n<li>Establish buy-in from the executive level on down. Proper security training requires leadership.<\/li>\n<li>Then make sure all of those levels, even the executives, take security awareness training.<\/li>\n<li>Establish clear communication channels so the entire organization understands the goals.<\/li>\n<li>Set performance benchmarks. Security awareness is measurable! You can conduct testing after training sessions to see what information employees have retained. Or better yet, conduct mock social engineering attacks and assess results.<\/li>\n<li>Use real-world training examples and tailor them to your audience. Those front desk staffers should see examples of social engineering phone calls they might get.<\/li>\n<li>Make it ongoing. Threats in IT are constantly evolving. The training program you design needs to evolve just as quickly.<\/li>\n<\/ol>\n<p>Any business can benefit from security training that emphasizes these points, even heavily process-oriented businesses. But these practices are especially important for businesses with highly valuable human capital, like knowledge workers.<\/p>\n<h2><strong>Final thoughts<\/strong><\/h2>\n<p>Just like implementing a single layer of network security won\u2019t protect your infrastructure, training a single category of staff won\u2019t protect against social engineering attacks. The Trickle Down Security approach is the most viable way to ensure that every organizational level is protected against the unique cyberattacks that might exploit their human personnel.<\/p>\n<p>Desjardin\u2019s and the City of Calgary learned the hard way what can go wrong if you don\u2019t. I hope other organizations don\u2019t have to.<\/p>\n<p><a href=\"https:\/\/www.sherweb.com\/en-ca\/contact-us\/\" target=\"_blank\" rel=\"noopener noreferrer\">Contact Sherweb experts<\/a> today for help designing the right security program for your organization.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If there\u2019s any lesson to be learned from two recent Canadian data breaches it\u2019s that IT secur","protected":false},"author":84,"featured_media":20849,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[753],"tags":[880,919],"class_list":["post-20842","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-awareness-training","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security awareness training is no longer optional | Sherweb<\/title>\n<meta name=\"description\" content=\"It doesn\u2019t matter whether you\u2019re a small business or multinational enterprise, cyber security awareness training is no longer optional.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security awareness training is no longer optional | Sherweb\" \/>\n<meta property=\"og:description\" content=\"It doesn\u2019t matter whether you\u2019re a small business or multinational enterprise, cyber security awareness training is no longer optional.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/\" \/>\n<meta property=\"og:site_name\" content=\"Sherweb\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Sherweb\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-30T19:19:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-03T16:15:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.sherweb.com\/blog\/wp-content\/uploads\/EmployeeTraining-1200x630-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Guillaume Boisvert\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.sherweb.com\/blog\/wp-content\/uploads\/EmployeeTraining-1200x630-1.png\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/GoGreenwood1\" \/>\n<meta name=\"twitter:site\" content=\"@SherWeb\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Guillaume Boisvert\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/\"},\"author\":{\"name\":\"Guillaume Boisvert\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#\\\/schema\\\/person\\\/9d7eaf664a5d618b082f0a8454c779f5\"},\"headline\":\"Security awareness training is no longer optional\",\"datePublished\":\"2020-04-30T19:19:41+00:00\",\"dateModified\":\"2024-06-03T16:15:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/\"},\"wordCount\":1006,\"commentCount\":4,\"image\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/#primaryimage\"},\"thumbnailUrl\":\"\\\/blog\\\/wp-content\\\/uploads\\\/EmployeeTraining-1200x480-1.png\",\"keywords\":[\"Awareness training\",\"Cybersecurity\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/\",\"url\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/\",\"name\":\"Security awareness training is no longer optional | Sherweb\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/#primaryimage\"},\"thumbnailUrl\":\"\\\/blog\\\/wp-content\\\/uploads\\\/EmployeeTraining-1200x480-1.png\",\"datePublished\":\"2020-04-30T19:19:41+00:00\",\"dateModified\":\"2024-06-03T16:15:58+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#\\\/schema\\\/person\\\/9d7eaf664a5d618b082f0a8454c779f5\"},\"description\":\"It doesn\u2019t matter whether you\u2019re a small business or multinational enterprise, cyber security awareness training is no longer optional.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/#primaryimage\",\"url\":\"\\\/blog\\\/wp-content\\\/uploads\\\/EmployeeTraining-1200x480-1.png\",\"contentUrl\":\"\\\/blog\\\/wp-content\\\/uploads\\\/EmployeeTraining-1200x480-1.png\",\"width\":1200,\"height\":460,\"caption\":\"Security awareness training\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/security-awareness-training-is-no-longer-optional\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security awareness training is no longer optional\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/\",\"name\":\"Sherweb\",\"description\":\"More than a cloud marketplace\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#\\\/schema\\\/person\\\/9d7eaf664a5d618b082f0a8454c779f5\",\"name\":\"Guillaume Boisvert\",\"description\":\"Guillaume identifies and evaluates new solutions and product features that help Sherweb and its partners grow and compete. Responsible for the growth and development of Office Protect, Sherweb\u2019s security add-on for Microsoft 365, Guillaume leads the team responsible for building and commercializing the company's in-house security offering. He has almost two decades of experience developing software-as-a-service (SaaS), both as a technical lead and as a product manager.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/GoGreenwood1\"],\"url\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/author\\\/guillaumeboisvert\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security awareness training is no longer optional | Sherweb","description":"It doesn\u2019t matter whether you\u2019re a small business or multinational enterprise, cyber security awareness training is no longer optional.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/","og_locale":"en_US","og_type":"article","og_title":"Security awareness training is no longer optional | Sherweb","og_description":"It doesn\u2019t matter whether you\u2019re a small business or multinational enterprise, cyber security awareness training is no longer optional.","og_url":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/","og_site_name":"Sherweb","article_publisher":"https:\/\/www.facebook.com\/Sherweb","article_published_time":"2020-04-30T19:19:41+00:00","article_modified_time":"2024-06-03T16:15:58+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.sherweb.com\/blog\/wp-content\/uploads\/EmployeeTraining-1200x630-1.png","type":"image\/png"}],"author":"Guillaume Boisvert","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.sherweb.com\/blog\/wp-content\/uploads\/EmployeeTraining-1200x630-1.png","twitter_creator":"@https:\/\/twitter.com\/GoGreenwood1","twitter_site":"@SherWeb","twitter_misc":{"Written by":"Guillaume Boisvert","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/#article","isPartOf":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/"},"author":{"name":"Guillaume Boisvert","@id":"https:\/\/www.sherweb.com\/blog\/#\/schema\/person\/9d7eaf664a5d618b082f0a8454c779f5"},"headline":"Security awareness training is no longer optional","datePublished":"2020-04-30T19:19:41+00:00","dateModified":"2024-06-03T16:15:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/"},"wordCount":1006,"commentCount":4,"image":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/#primaryimage"},"thumbnailUrl":"\/blog\/wp-content\/uploads\/EmployeeTraining-1200x480-1.png","keywords":["Awareness training","Cybersecurity"],"articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/","url":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/","name":"Security awareness training is no longer optional | Sherweb","isPartOf":{"@id":"https:\/\/www.sherweb.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/#primaryimage"},"image":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/#primaryimage"},"thumbnailUrl":"\/blog\/wp-content\/uploads\/EmployeeTraining-1200x480-1.png","datePublished":"2020-04-30T19:19:41+00:00","dateModified":"2024-06-03T16:15:58+00:00","author":{"@id":"https:\/\/www.sherweb.com\/blog\/#\/schema\/person\/9d7eaf664a5d618b082f0a8454c779f5"},"description":"It doesn\u2019t matter whether you\u2019re a small business or multinational enterprise, cyber security awareness training is no longer optional.","breadcrumb":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/#primaryimage","url":"\/blog\/wp-content\/uploads\/EmployeeTraining-1200x480-1.png","contentUrl":"\/blog\/wp-content\/uploads\/EmployeeTraining-1200x480-1.png","width":1200,"height":460,"caption":"Security awareness training"},{"@type":"BreadcrumbList","@id":"https:\/\/www.sherweb.com\/blog\/security\/security-awareness-training-is-no-longer-optional\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.sherweb.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.sherweb.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Security awareness training is no longer optional"}]},{"@type":"WebSite","@id":"https:\/\/www.sherweb.com\/blog\/#website","url":"https:\/\/www.sherweb.com\/blog\/","name":"Sherweb","description":"More than a cloud marketplace","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sherweb.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.sherweb.com\/blog\/#\/schema\/person\/9d7eaf664a5d618b082f0a8454c779f5","name":"Guillaume Boisvert","description":"Guillaume identifies and evaluates new solutions and product features that help Sherweb and its partners grow and compete. Responsible for the growth and development of Office Protect, Sherweb\u2019s security add-on for Microsoft 365, Guillaume leads the team responsible for building and commercializing the company's in-house security offering. He has almost two decades of experience developing software-as-a-service (SaaS), both as a technical lead and as a product manager.","sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/GoGreenwood1"],"url":"https:\/\/www.sherweb.com\/blog\/author\/guillaumeboisvert\/"}]}},"tag_names":["Awareness training","Cybersecurity"],"_links":{"self":[{"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/posts\/20842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/users\/84"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/comments?post=20842"}],"version-history":[{"count":14,"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/posts\/20842\/revisions"}],"predecessor-version":[{"id":24788,"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/posts\/20842\/revisions\/24788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/media\/20849"}],"wp:attachment":[{"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/media?parent=20842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/categories?post=20842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sherweb.com\/blog\/wp-json\/wp\/v2\/tags?post=20842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}