At Absolute, we talk a lot about building a holistic approach to data security, one which includes people, processes and layered technologies. The Verizon 2015 Data Breach Investigations Report (DBIR) indicated that 90% of security incidents could still be tied back to “people,” which shows that focusing on employee training and awareness can go a long way to reducing security incidents and subsequent data breaches in all their forms (whether from lost devices or cyber attack).
Chris Mohan recently wrote an article on the challenges of Security Awareness Training. In his article, he talks about the difficulty of moving employees from being an “attack vector” to being an “attack alerter,” which indeed is a worthy goal. Chris outlined many challenges, including:
- Phishing emails are well designed. People don’t think they will fall for them – but they do.
- Security training must be customized per user group in the organization or it will be completely ineffective.
- Security training must be updated constantly.
- Getting employees engaged in security and their role in protecting data is challenging. As our own surveys have shown, most employees don’t believe it’s “their responsibility,” when in fact it should be everyone’s responsibility.
- There is no proven set of training guides or rules that negates the “people” problem.
Chris talked about some resources to help build a security awareness program, including the resources at Securing the Human, which are distributed under Creative Commons. The resources at Securing the Human include industry specific ideas as well as packages on specific threats such as phishing. These are great resources you can take and customize for specific user groups within your organization.
We share some of our thoughts on employees and data security in Defending Corporate Data in Spite of Employees as well as our whitepaper, ‘The Enemy Within – Insiders are still the weakest link in your data security chain.’
Absolute Software can help you gain visibility into each area of data protection – authentication, authorization, audit and administration – and can help you ensure that governance, risk management and compliance measures are in place. The unique persistence technology offers an important layer to any data security strategy and helps mitigate the risk of human error, rogue employees, and cybercrime. Absolute Software can help organizations plug the security holes created by mobility and human error. Learn more at Absolute.com