Why do financial institutions spend hundreds of thousands of dollars on firewalls, 24/7 intrusion monitoring, multi-factor authentication, spyware and anti-virus systems, while security training ends with an acceptable use policy that no one ever reads? With 80% of all fraud and security attacks coming from internal sources, a greater emphasis needs to be put on security training and awareness for financial institution employees.
The reasons for not implementing employee training and awareness are obvious. First, and most important to management, is the time and money involved in adequately training everyone. Upper management is just as susceptible to password hacking, social engineering, and security breaches as anyone else. Next is the issue of finding a program that works. If employees are forced to do some online training when they can find some time, who is to say that they are not just clicking through and guessing at the questions to get the boring thing over with?
The answer to this is integrating information security into the culture of the organization. Something that everyone buys into will be successful and not a burden or hassle for employees. An environment where a password written on a Post-it note on someone’s desk is appalling to everyone is a culture that understands information security.
I encourage you and your organization to explore security training options. A good program will educate people on social engineering, the importance of complex passwords, clean desk policies, phishing and much, much more. Also, try to make it fun for your employees. Find a training firm that knows what they are talking about, but won’t put you to sleep while doing so. Interactive training always makes it easier to keep employees’ attention. Finally, let them take something tangible away from the training, like notes, pens, desk toys, or anything that keeps information security at the front of their minds.
The benefits of security training are great. Besides the obvious benefit of data protection, it keeps regulators at bay regarding how information security rates in your organization. Give security training some serious thought.