For Most Firms, IT Security Training Is Minimal At Best

30/08/2016 10:07

Despite the constant media attention to security breaches and data theft, few companies are investing heavily in IT security training.

That is the finding of a new study by Shred-it and Ipsos, which looked at information security training programs. The study found that 78 percent of U.S. small business owners and half (51 percent) of C-Suite respondents report that they conduct employee training on their company's information security procedures only once a year or less.

Furthermore, 28 percent of U.S. SMBs report they have never trained employees on how to comply with legal requirements or company information security procedures, and 22 percent conduct training only on an ad-hoc basis.

"With employees returning to work in the fall, business leaders have a prime opportunity to engage their teams and raise awareness of information security risks. They can consider taking advantage of this time to launch a comprehensive training program that makes information security best practices a part of all employees' daily routine and responsibilities," says Andrew Lenardon, global director at Shred-it.

"Successful programs focus on building organizational knowledge and capacity on the right way to manage, store and destroy physical and digital data," Lenardon says. "Without good training repeated throughout the year, employees can unintentionally expose their organizations to serious risks including reputational damage, theft, fraud and data loss."

Experts suggest that employees may forget 50 percent of training information within one hour of a presentation, 70 percent within 24 hours and an average of 90 percent within a week. When you consider this, it is clear that training once a year or on an ad-hoc basis is not sufficient to ensure information security policies and procedures are being followed.

"Repetition and frequency are the keys to helping employees understand their roles and responsibilities around data management," explains Lenardon.

Read more: https://www.information-management.com/news/security/for-most-firms-it-security-training-is-minimal-at-best-10029602-1.html