User education is more effective than the best security technology alone.
One of the leading causes of data breaches is internal negligence due to poor training, according to the Ponemon Institute.
But when the staff is educated and instructed on the proper practices, the risk of cyberattacks or data leaks can be reduced. Infact, you can reduce your risk more this way than with just the use of modern cloud security software and best security practices.
Unfortunately, most companies just try to toss technology at security problems. Even when they do an amazing job locking up their cloud-based systems, they still run a high risk because staffers are now the biggest security hole, and the only way to plug that hole is through training.
Training incudes issues as rudimentary as not giving out user IDs and passwords when somebody calls or emails. Or having with policies around the storage of company data on laptops that can be easily stolen, and security policies that should be followed by all.
If you send out simulated phishing emails, you’ll find that about 3 to 5 percent of your employees will send back sensitive security credentials, thinking that it’s a legitimate source. Evenmore will respond and provide their current credentials if they are sent to a fake site to “change their passwords.”
Security training is not sexy. But it’s one of those things that needs to be done; otherwise the best cloud security won’t work.
This training should be funded by IT, and not by human resources departments. If IT does not have skin in the game, not much is accomplished, and the likelihood is that the training loses steam over time. This training should be routine, consistent, and ongoing.
via: infoworld
Training? Got it covered.
I read the readme and most of the introduction in the manual. I’m our in-house expert now.