National Cyber Security Month 2019 Week 4 - The most effective security beyond the firewall

Awareness training is mission critical
Awareness training is mission critical and should be considered as seriously as any other security system. Employee security awareness training programs have become a necessity for organizations in recent years because of the high percentage of data breaches caused by careless and negligent workers. But not all organizations have implemented training, and many that have implemented a program have created ineffective training.
Employee negligence ranks among the highest of security risks
Negligent employees are one of the highest security risks for organizations in the US and elsewhere, according to a 2018 study by Shred-It. 84% of C-Level and 51% of small business owners described employees as their biggest security problem. Negligent employees are at least partly to blame for many of the data breaches at major US companies.
Breaches aren't the only reason to implement training
Breaches are not the only reason for employee training. Many regulations, like PCI and HIPAA, mandate regular employee security awareness training and benefit from it. While requirements for such training can vary, the goal is to ensure companies take measures to address risks posed by employees and other insiders with trusted access to enterprise networks and assets.
Creating effective training
Effective training isn't just text on paper with a few scary images of a hacker at a keyboard. Effective training starts by engaging the user. This can be done through many different avenues, such as gamification, interactivity, polls and results, videos, real-time stats and headlines, and even real-time breach/hacking simulations.
On top of an engaging training program, employees must be provided with consistent follow-up. This can be retaking the training every 3 months, it can be testing, or even an entirely new training program. But the key is that it needs to be consistent and it needs to be regular. If years, or even many months, go by with no training, old habits will prevail, and employees will again become the weak link in the security plan.