National Cyber Security Month 2019 Week 4 - The most effective security beyond the firewall

By Cory Dzbinski / Oct 17, 2019

Awareness training is mission critical

Awareness training is mission critical and should be considered as seriously as any other security system. Employee security awareness training programs have become a necessity for organizations in recent years because of the high percentage of data breaches caused by careless and negligent workers. But not all organizations have implemented training, and many that have implemented a program have created ineffective training.

Employee negligence ranks among the highest of security risks

Negligent employees are one of the highest security risks for organizations in the US and elsewhere, according to a 2018 study by Shred-it. 84% of C-level executives and 51% of small business owners described employees as their biggest security problem. Negligent employees are at least partly to blame for many of the data breaches at major US companies.

Breaches aren't the only reason to implement training

Breaches are not the only reason for employee training. Many regulations, like PCI and HIPAA, mandate, and benefit from, regular employee security awareness training. While requirements for such training can vary, the goal is to ensure companies take measures to address risks posed by employees and other insiders with trusted access to enterprise networks and assets.

Creating effective training

Effective training isn't just text on paper with a few scary images of a hacker at a keyboard. Effective training starts by engaging the user. This can be done through many different avenues, such as gamification, interactivity, polls and results, videos, real-time stats and headlines and even real-time breach/hacking simulations.

On top of an engaging training program, employees must be provided with consistent follow-up. This can be retaking the training every 3 months, testing, or even an entirely new training program. But the key is that it needs to be consistent and it needs to be regular. If years, or even many months, go by with no training, old habits will prevail, and employees will again become the weak link in the security plan.