Is your enterprise a security thicko?

Security training needs to be much more targeted if it is to be successful, argues Davey Winder.

"A lot of companies tend to treat IT security education in isolation. Whereas it should form part of a company's overall training schedule. It should also be integrated into its culture and ethos,"  Robinson points out. In essence, it requires a culture and ethos that should involve people making sensible choices, to be frank.

One of the sensible choices, according to Stephen Bonner, a partner in KPMG's information protection business resilience team, might be in changing the term security awareness itself as this can suggest something done to an individual.

"Campaigns work best when people understand why it's important to the business to be sensible about security," Bonner insists. "[And] why it benefits them as an individual to do the right thing."

It also helps if the security policies are realistic about their expectations of user behaviour in the first place. And realistic about memory retention for that matter. Even when IT security training is provided for every employee, it's often not reaffirmed which means it could go in one ear and out the other very quickly.

"Enterprises should look to provide daily or weekly security tips to all employees and refresh or even test their knowledge on a quarterly basis to remain confident that their staff are up to date on the latest threats," says Chris Jenkins, European general manager for security at Dimension Data. Although I'm not sure daily security tips would get much real attention after a very short period of time. More likely, they would just get lost in the sea of other emails and communications. The quarterly refreshers, on the other hand, sounds eminently practical. None of which is to say that enterprises in general don't train staff in security matters as part of the induction process, and most medium-to-large organisations have significantly increased the amount of ongoing training they provide by way annual updates and the like.

"It does seem though that this is often driven for reasons of compliance to standards," warns Terry Greer-King, director of security at Cisco in the UK and Ireland. He continues: "Rather than a deep seated desire to improve things and there is significant room for improvement."

One area ripe for improvement is that the key focus of training is all too often misplaced, with staff perceiving that security is for the business to sort out with the relevant tools and restraints to support it. It's this failure to involve staff properly which is seen by many as the problem. "Failure to involve users as educated participants in security creates a fractured relationship and this fundamental disconnect, which applies across many businesses, leads to the failure to involve staff in risk awareness and assessment," insists Ian Kilpatrick, chairman of Wick Hill Group.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

The IT Pro Podcast: Why techies shouldn’t become managers
Careers & training

The IT Pro Podcast: Why techies shouldn’t become managers

10 Sep 2021
Podcast transcript: Why techies shouldn’t become managers
Careers & training

Podcast transcript: Why techies shouldn’t become managers

10 Sep 2021
The IT Pro Podcast: How umbrella companies exploit IT contractors
IT regulation

The IT Pro Podcast: How umbrella companies exploit IT contractors

3 Sep 2021
Podcast transcript: How umbrella companies exploit IT contractors
IT regulation

Podcast transcript: How umbrella companies exploit IT contractors

3 Sep 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Solving cyber security's diversity problem
Careers & training

Solving cyber security's diversity problem

5 Jan 2022