User Security Awareness Programs, Are They Overrated?


It has been observed that 87% of the companies that experience major breaches and compromise of their sensitive data have immature to non-existent user awareness training in security. Despite having the latest in security assets, companies that do not train their end users about cyber security exponentially increase their exposure to compromise and loss of sensitive and valuable data.
The weakest and strongest assets in any organization are its people. A workforce well trained to recognize phishing, cross-site scripting, social engineering and other malicious attacks forms a web of users armed with the knowledge to protect the organization.
So where do we start? Every organization should outline a user awareness program in its security policy. The program should be conducted every quarter or at least every 6 months. It should be a collaboration of ideas and communication about the current state of cyber security and a reminder of the ways end users need to protect themselves and the company. Security awareness is the responsibility of every employee, not just the firewall team or cyber security operations center.
How to deliver a user security awareness program? Make it interactive. Never plan a series of boring PowerPoint workshops, where the end users sit and look at slides. Do tabletop exercises and plan sessions to depict real-life scenarios. Have participants act out various aspects of the cyber kill chain. They should have expertise on various topics to assist the teams in identifying various critical points on how to protect against breaches and loss of personal data.
User security awareness programs are not overrated; they are essential, and more companies need to formalize such programs into their overall security strategy. Some of the benefits are a better culture, confident staff, enhanced security, and money saved by avoiding user mistakes that could result in a breach. It is very important to note that, of all the insider threats, an uninformed user is the most dangerous. Costly mistakes can run into millions of dollars.
In conclusion, we should remember that awareness is an essential part of prevention and protection.
