Are your staff a security control or a vulnerability?

A recent survey conducted by AXELOS opened a debate about the implementation and effectiveness of staff awareness training in UK organisations. Despite the fact that 99% of professionals responsible for staff awareness training in companies highlighted the importance of information security awareness learning to “minimise the risk of security breaches”, only 28% considered their company’s staff awareness training “very effective” at helping staff to adopt more secure behaviours.

Staff: security control or vulnerability

Theoretically, an effective staff awareness programme reduces the risk of breaches because staff know how to avoid dubious situations, and it improves the way security measures are implemented. In reality, however, there is an unpredictable factor in the equation: human behaviour.

“Staff should be [companies’] most effective security control but are typically one of their greatest vulnerabilities,” said Nick Wilding, head of cyber resilience best practice at AXELOS. That is because people, processes and technology are the three fundamental domains of an effective cyber security strategy. You can have the best technology in place and the smoothest processes, but if you fail to train your staff, your efforts will be in vain.

What’s at stake? Your reputation, your trustworthiness and your advantage over competitors.

Lack of control over staff awareness programme

The unpredictability of human behaviour has an impact on your staff awareness programme as well. According to the research, 25% of professionals declared that no more than 50% of staff had completed the information security awareness programme. How can they effectively ensure their staff have learnt from the training and are adopting the best security practices?

Stay in control of your staff awareness programme

Changing human behaviour is a very hard task, but with a careful eye on staff awareness training, you can succeed in the challenge. With the IT Governance staff awareness e-learning courses you will be in control of your training programme from beginning to end. Your staff can access courses whenever they want by logging onto the IT Governance e-learning website. Each course has a series of questions to test their understanding of the topic, and if they are not satisfied with their grade, they can retake the course as many times as they wish. You will always know who successfully completed the course and who failed.

Reduce your security risk exposure with the Information Security Staff Awareness e-Learning Course >>
