creative soul - Fotolia

Q
Manage Learn to apply best practices and optimize your operations.

Why do enterprises need employee security awareness training?

With human error as the leading cause of breaches and security incidents within the enterprise, organizations should offer employees mandatory security awareness training with regular refreshers.

Believe it or not, most studies show that employee human error is by far the leading cause of malware infestations, data breaches and other security incidents within the enterprise. While these are referred to as insider threats in the IT security world, that name is somewhat misleading. After all, we're talking about your employees. Most of the time, no malicious intent is actually behind an insider threat incident. Instead, the threat is simply an employee's lack of understanding regarding how to operate safely within the corporate network. To address the problem, offering employees security awareness training on data security threats and how to avoid them will go a long way toward better securing your IT infrastructure.

If your IT security department is spending thousands or millions of dollars on the latest high-tech firewalls, malware prevention software and data loss mechanisms but doesn't properly train employees on security threats, you're probably throwing your money away.

In most businesses, trusted employees are granted a great deal of privileged access to sensitive information. Despite all of the expensive security tools you may have implemented to protect data from being harmed or escaping, it remains easy for poorly informed employees to inadvertently bypass security tools without being aware they're doing something wrong.

The key to proper security awareness training is to provide education early and often.

The key to proper security awareness training is to provide education early and often. Many companies require new hires to go through some form of security awareness training during their new employee orientation process. While this is a good first step, it doesn't go far enough. For starters, new employees are likely to be overwhelmed with all the new people and processes thrown at them. The likelihood a new employee will retain even a portion of what was presented with security awareness training is low. One best practice is to schedule a mandatory refresher course within 30 days of an employee's hiring date to better solidify the initial training program.

The other misstep that companies take when instituting security awareness training is that they fail to provide regular and mandatory refresher courses that cover new security procedures, standards and threats. Mass emails or mentions on the corporate intranet don't cut it. Despite the time, effort and cost required to provide continuous retraining on data security threats, the return on this security investment can be enormous.

Dig Deeper on Security awareness training and insider threats

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Have your organization's security awareness efforts paid off in terms of decreasing security incidents based on human error?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close