Security awareness trainers understand that most end users can’t really be “trained” in how to protect their systems and their corporate networks. However, if all systems are protected and securely configured, security awareness training can help end users understand the security risks and know what mistakes to avoid.
Information security is primarily focused on technological solutions, and most organizations have implemented anti-virus, firewalls, IPS, monitoring and logging, and a host of others to keep out the bad guys. However, despite all the technology to secure sensitive data, the weakest link is the end user. End users need to interact with sensitive data in order to get their jobs done. The legal and regulatory landscape recognizes this and outlines to organizations how to minimize risk by limiting the number of employees that have access to this data, as well as clearly stating that a security awareness program has to exist in the organization. It also states that employees need to attend, at a MINIMUM, annual awareness training.
As an organization, are you just doing the minimum? Unfortunately, many organizations are. Perhaps a yearly lunch-and-learn reminder is what you are doing? This is nice, but how about doing it on a monthly basis? Perhaps you do something to remind your employees that they need to be extra careful with information? Do you believe this is sufficient to address the potential risk of sensitive data leakage? Think again. Security awareness needs to work in conjunction and partnership with technology solutions to be successful.
Monday, January 31, 2011