Why Security Awareness Training


Enterprises invest in all the latest security technologies but often neglect an absolutely fundamental component of information security: end users. Organizations can employ the best technology practices of next-generation firewalls, anti-malware and intrusion prevention systems. Corporations these days understand that security should be ‘baked in’ during the software design phase; they train their application development staff in secure coding, and they even rigorously pentest (penetration test) to ensure they haven’t overlooked anything a cybercriminal might easily exploit. Beyond this are countless technology, people and process investments, which often exclude end user training. Despite these many prudent technology investments, they ignore a key weak point: staff who lack an understanding of information security basics. Here we’ll explore why your employees are your weakest link in securing your organization and how you can address it.

Security Basics

Most end users (through no fault of their own) are not information security experts. The fact is, we can’t blame them, but we can do our best to arm them with knowledge. End users need a clear understanding of information security in terms they can easily understand. When they possess this knowledge, they are less likely to click on that phishing link, install ransomware or open that malicious file attachment. Just as worrisome is the fact that most employees don’t know how to spot the social engineering or physical security threats they face daily. When users understand security fundamentals, we arm them to better defend our organization by behaving in a way that improves our security posture.

Security Awareness Training

To be absolutely clear, end users are not at fault in this equation. Rather, it is the responsibility of IT and business leadership to spearhead these efforts. End user training turns our once vulnerable user base into our greatest security asset. This small investment in end user training pays huge dividends when you find your staff is no longer a major source of your security incidents. Information security training is as worthwhile an investment as any technology in your defense-in-depth strategy.

Ongoing Security Training

Security awareness training, like almost any body of knowledge, isn’t a one-time thing. Instead, information security awareness training should be an ongoing process to keep your staff abreast of the evolving threat landscape. At the very minimum, it should be an annual process with consistent processes that keep employees aware of threats as they appear. Is your organization doing this now? If not, why not? As always, please do leave a comment below or drop us a message.

Joseph P. Guarino has a long history of producing business results with the application of information technology. Joseph's expertise spans over 15 years in the private sector at leading technology firms and consulting organizations. With Evolutionary IT, he saw a market need to bring his transformative knowledge and expertise to firms in the New England area and worldwide. Joseph is driven by a strong desire to see customers thrive with the best business solutions. Evolutionary IT evolved out of this desire to bring a new level of quality IT solutions, align them with business goals and give customers a competitive edge.