
5 Types of Trainings on Information Security Awareness

The biggest threat to information security actually comes from within an organization, owing to employees' lack of knowledge or training on information security. Attacks have proved to be the most dangerous threats that can affect organizations. It is not always dissatisfied employees or corporate spies who are the threat; it is the untrained employees who can cause damage to the organization. In 2012, the average cost of a data breach was US$ 5.5 million. How can the issue of information security be tackled? What can be done about it?

Organizations must focus on people and technology to minimize loss, and must realize that the threat of data loss is real, dangerous, and significant. Organizations should start recognizing the need for security training. A study of employees conducted by McAfee in 2005 revealed the following statistics:

1) 62% – admitted they have a very limited knowledge of IT Security

2) 21% – let family and friends use company laptops and PCs to access the Internet

3) 51% – connect their own devices to their work PC

4) 1 in 10 admitted to downloading content at work that they should not have

5) 51% – had no idea how to update the anti-virus

6) 5% – say they have accessed areas of their IT system

Types of Training Methods

One of the best ways to make sure that employees do not make costly information security errors is to provide information security training. Listed below are the 5 types of training methods available for creating information security awareness among employees.

1. Web-based Training

Some corporations offer both live and web-based training and use a variety of methods, such as simulation games, because the interaction is two-way. Other corporations offer videos, web-based training, live trainers, etc.

[Figure: Web-based Training. Source: https://www.ifip.org/]

2. Classroom Training

Using a classroom for security awareness training can be beneficial because someone is on hand to answer questions in real time. There can also be a Q&A period as part of the training program.

3. Security Awareness Website

These websites cover the areas that need to be addressed, such as the organization's security policy, file sharing and copyright, desktop security, wireless networks, and password security.

4. Useful Hints

Useful hints are tips and reminders that are pushed to users' screens when they log in: tips such as “Never keep your password in a place that can be viewed by anyone besides you”, and reminders to change a password, run a virus scan, etc.

5. Visual Aids

One example is a set of catchy password security posters: one says to change your password often, another says not to leave passwords lying around, and another says not to share them with friends.

These training methods can help employees gain a good understanding of the company's security policy and procedures.

[Figure: Phish Prone Over Time. Source: KnowBe4]