Educating employees around appropriate internet and email protocols is also vital. Dale Meredith, Pluralsight author for ethical hacking, says that although companies spend vast sums training staff to keep resources secure, they then fail to implement the necessary training when it comes to data security.
“Employees are complacent, particularly when it comes to password security and personal use of company devices,” says Meredith. “Training plays a vital role in educating the workforce and reinforcing how even the most innocent actions can have very serious consequences for security.”
It’s a view shared by Denise Hudson Lawson, enterprise learning architect EMEA at Pluralsight. “It is crucial to democratise the opportunity and enable everyone to upskill around cyber security,” she says. “Training and education will arm the workforce with the right skills to protect the business.”
One man tasked with providing this training is Vijay Rathour, vice president at digital forensics specialist Stroz Friedberg. He works with businesses to help improve their IT security, and an increasingly popular service is phishing campaign training. “We ask companies what would really test their organisation,” explains Rathour. “We then tailor a series of emails to make them look like material employees might receive, send them out covertly and check the click-through rates.”
Results can be varied – Rathour cites his experience of running a phishing campaign at one 30,000-employee organisation.
“About 60% clicked on the phishing campaign link,” he recalls. “It was such a travesty that the company immediately went back to the drawing board in terms of security.”
Quote taken from the published article at http://www.hrmagazine.co.uk/article-details/does-your-business-have-a-false-sense-of-security