To help fend off spam, viruses, identity theft and corporate sabotage, IT managers need to train company employees to protect themselves and the corporate network, but with mass budget cuts and understaffed IT departments, it is just not getting done. That’s leaving IT managers with even more headaches and even more problems.
The simple problem is that it’s not happening.
How are IT managers supposed to improve security with staff shortages and budget cuts? There is little time to focus on anything beyond putting out daily fires and staying current with software updates, patches and security alerts.
There is simply no time to do anything, let alone provide training sessions to teach people in finance, marketing and human resources not to fall prey to identity theft or the latest virus. It’s a pain in the bum.
Educated end users will reduce the number of issues and fires IT professionals need to put out. It’s important for IT managers to focus on education, even though there is constant pressure.
In organisations, little effort or time goes into providing training on how to manage spam and junk mail. With an average employee receiving over 2,000 pieces of junk mail a year, that is a lot of opportunity and danger.
But what’s glaringly obvious is that it is not up to the IT people to keep the network secure anymore. Keeping employees aware is the most important aspect. Loads of companies have policies, but not many have the resource to manage them.
However, it can be made easier by instilling the right methods in employees as soon as they join. By providing basic teaching principles, employees will be better equipped to deal with spam and junk mail.
Basic training needs to start with teaching people how to recognise spam, fraud and hoaxes. Then, and only then, teach them about viruses, worms and Trojans. When employees hear these terms, what do they mean? What should they look out for?
From then, social engineering should be the next thing taught. Someone intending to steal corporate information is often the one who makes friends with unwitting employees. People need to know that they shouldn’t leave passwords written on Post-It notes, and should never give away usernames and passwords.
Training, though, cannot be a one-time thing. Security awareness needs to be ongoing: it should be part of new employee orientation, and training sessions should then be held annually. Email alerts, too, would be a grand idea to keep them updated about the threats of new viruses, spam tactics and hoaxes.
Tracking methods can help end users deal with security issues. For example, if an employee uses company hardware to go shopping online, the risks should be explained to them.
Make employees understand they are valuable to the solution. Invest in them to protect networks.
What do you think? What are your methods? @MicrosoftBizUK
Enjoy this video!
Posted by Steven Woodgate
Good computer security policy information. End user training is often neglected, thanks for sharing the video too.