Employees can unknowingly pose security risks to the organization they work for in a number of ways:
* Poorly designed passwords may increase the risk of network attack.
* Improper control of laptops or other mobile devices can lead to the loss of proprietary information.
* Failure to update antivirus software may lead to the infection of one or many computers.
* Surfing the web and downloading files from the Internet can reduce network bandwidth and lead to a loss of worker productivity.
* Falling prey to a social engineering attack may lead an employee to divulge confidential information.
However, with the right training, employees can become an organization’s strongest security asset.
A security awareness program enables organizations to improve their security posture by offering employees the knowledge they need to better protect the organization’s information through proactive, security-conscious behavior. To successfully protect information assets, employees at every level – from the top down – need a basic understanding of security policies as well as their respective responsibilities in protecting these assets.
Management personnel with security responsibilities require additional training. Without this understanding, organizations cannot hold employees accountable for protecting the organization’s resources and, ultimately, its profitability.
To be effective, a security awareness program must be ongoing and include continuous training, communication and reinforcement. A one-time presentation or a static set of activities is not sufficient to address the ever-evolving threats in the security landscape. The key messages, tone and approach must be relevant to the audience and consistent with the values and goals of the organization. Equally important, an awareness program must influence behavior changes that deliver measurable benefits.
Wednesday, September 14, 2011