Information Security Training, is it a Necessity?

Information Security Training, is it a Necessity?

How many of you know about the Enigma machines, which were used by Germany in Second World War? They are machines used for encryption and decryption, of certain secret information during the war. The British army was able to break the code of Enigma and decrypted the information, which helped them to know the secret strategies of German. This information leak proved costly for the Germans, who ultimately lost the war.

The above case clearly shows how important it is to keep the information secure. In today’s globalized economy security risk is affecting all organizations, whether large or small. According to the survey conducted by the PricewaterhouseCoopers (a consultancy firm) on information security, a number of security breaches affecting the businesses are increasing continuously.

The below figure gives us the information about the total average cost of data breaches, suffered by Organizations operating in various countries in the year 2013 (Research conducted by Ponemon Institute a research firm on “Cost of data breach in 2013”)

Information about Total Average Cost of data breaches

[Source:Ponemon Institute Research Report on 2013 Cost of Data Breach]

Moreover, the research (see below) also pointed out that 35% of the data breaches have occurred due to human factors, such as employees not handling the sensitive information and lack of awareness.

Distribution of the Benchmark Sample by root cause

[Source: Ponemon Institute, research on 2013 Cost of Data Breach]

Robert Hamilton, Director of Product Marketing at Symantec, says that the key to reduce such data breaches is to educate the employees. Larry Ponemon, Founder of Ponemon Institute says that employees, who do not understand the importance of safeguarding the information, may put the company at risk.

So to keep the information secured, inspite of the many measures taken it is necessary to make the employees aware, of the importance of information security and the precautions they need to take, while handling sensitive information.

At this juncture, training employees on data privacy and security awareness has become important. However, training on traditional platforms like classroom training or instructor led training, may not keep your employees in pace with dynamic technology, making sensitive information more vulnerable.

When can you consider eLearning as the better training delivery option? Let us see in my next blog!

View Presentation On Employee Security Awareness Program