How often do users get blamed for being careless by disclosing sensitive information or inadvertently clicking on a link that looks legitimate? Vendors and enterprises spend millions on security awareness education, but these same users continue doing dumb things, and statistics show us that data breaches keep going up.
Why are we not getting this right? And who is to blame? Well, the organizations should be pointing the finger at themselves, as it is proven that just attending a training course is not adequate to get the message across. It’s like sitting through an ‘Alcohol is really bad for you’ session, then sitting back and thinking that all the attendees will leave the room and never touch alcohol again. It’s time to think outside the box and embrace innovative ways to engage the users by delivering bite-sized training that is relevant to them and, more importantly, having the tools to measure success.
Recently I asked the head of the security division of a major enterprise, ‘How do you measure the success of your security training?’ and he replied, ‘We have 98% attendance on our training sessions.’ Um…
For those of you attending RSA Conference in London, be sure to attend the session entitled ‘Training Employees to Recognize and Avoid Advanced Threats’, which will discuss the most effective methods of user training that deliver measurable performance levels.