How your peers boost security among users, staff

Improving security is a cooperative effort between users, IT staff and the top brass. And not every organization arrives at this goal the same way.

That’s what findings from CompTia’s report Practices of Security Professionals show. IT pros said they use a variety of tactics to try to drive home the importance of security at all levels, but most everyone agreed that security is a growing priority.

Security matters

Almost every survey respondent indicated that security has become more important in recent years. Compared with two years ago, those surveyed said its importance was:

  • moderately higher (48%), or
  • significantly higher (44%).

They also didn’t see that trend reversing in the future. Forty-seven percent of those surveyed said security’s value would be significantly higher and 43% predicted it would be moderately higher.

Boosting users’ awareness

One of the primary ways businesses are looking to boost security is by going directly to those who can have the biggest effect on it: the users. Of course, this is no easy task. Users are prone to mistakes, and education efforts for one may not work for another.

Companies seemed to use a hodgepodge of methods to increase users’ awareness of security and risk. This includes:

  • new employee orientation training (54%)
  • ongoing training programs (50%)
  • reviewing security policies (48%)
  • online courses (47%)
  • random security audits (43%)
  • vulnerability assessments (37%), and
  • ad hoc experiments (33%).

Staff need training, too

Finally, while IT staffers are more aware than most users, that doesn’t mean there isn’t room for improvement. The much-talked-about IT skills gap is a serious issue for many, where staffers may not have the advanced knowledge and skill to handle modern security threats.

But to deal with this issue, most of those surveyed seem to focus on boosting the skills of in-house employees. This makes sense, as hiring can be difficult and expensive.

The top two ways of addressing the skills gap were training for existing employees (66%) and IT security certifications (56%). Others tried to partner with outside firms (41%).

But for a significant number of those surveyed (31%) the answer was to bring in new employees with the necessary skills for help.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy