David Kelleher, communications and research analyst at GFI Software, is back this week to discuss the need for companies to educate their employees on basic security principles. In last week’s podcast, David touched upon what GFI are doing to help SMBs stay secure.
Employees need to be educated about security because they are the people who manage the data of the organization and keep it running.
- Everything they do online has a security element to it
- There is an element of cost to the organization
- Employee activity should not be taken for granted because not all employees are IT savvy
- Most SMBs are unaware of the security risks out there, such as those relating to endpoint security
Security awareness programs should be mandatory for all employees, with refresher courses every six months. These should not be full of technical jargon but should instead explain the security risks involved when employees use the Internet and outside sources such as USB sticks.
For employees to follow policies, it’s important to actually explain the thought process behind these policies and not just dictate them. If an employee understands the risks involved, then they are more likely to accept and follow the policy.
Whilst educating users is a very important aspect of security, it cannot stand alone. Software still needs to be installed as a security barrier. However, explaining security threats to employees is a step towards preventing security breaches through the human element.