Security awareness training isn’t provided enough, or effectively enough, in workplaces, Omer Taran argues on SecurityInfowatch.com.
“Security awareness training has existed for decades — yet in all that time, it seems as if it hasn’t reached the level of effectiveness we hoped for,” Taran writes. “…Anywhere from 35-80% of security breaches start with employee involvement, usually with the employees being completely unaware of it.”
Taran summarizes the problem this way: “For a training program to be truly effective—that is, to offer the highest level of protection to an organization—it requires the following aspects:
• The program must be conducted year-round,
• Needs to be based upon exercises and challenges that utilize procedural knowledge,
• Must include immediate and concrete feedback,
• Must use a combination of repetitive yet diverse scenarios.”
Taran likens the problem to “learning to swim from a textbook,” and offers valid suggestions on achieving effective workplace security.