Current technologies require users to think about security in ways they have not had to before. Research shows that a lack of security training for non-IT personnel causes the most serious problems. Is your support staff contributing to the education of your users?
A survey from IT trade organization CompTIA finds that the most serious of information security problems could be addressed by putting more effort into training users. But rather than increase security training for non-IT staff, most companies are cutting back.
From the CompTIA press release regarding their research:
“…human error is the primary cause of the most severe security breaches, yet significantly fewer organizations (45%) provided security training for their non-IT staff in 2008 compared to 53% in 2007.”
The research leads on the survey account for their results by pointing to the prevalence of portable devices and the uptake of new methods for sharing information. There are more systems and platforms to secure than there ever have been before, and information is moving around in an unprecedented fashion. Used to be that one could secure a LAN with simple antivirus software. Now, between laptops, smartphones, and VPNs, it is hard to say where your network actually ends, let alone guarantee it is 100% secure.
As business computing becomes more complicated with new hardware and new methods of communicating, there is a lot more for the user on the ground to contend with. Making sure that the principles of secure behavior are imparted to your staff is more important than ever.
CompTIA reports that companies have cut back on security training for non-IT personnel, in spite of the fact that the vast majority of survey respondents note fewer security incidents when users have increased awareness and can identify risky behavior. Your support team is positioned to provide supplemental security training for your staff. Don’t let your users go without the knowledge they need to be safe. Down the road, it will almost certainly save your company time and money.
A summary of CompTIA's security study can be found here.