Where to focus your IT security training

Not all users are created equal when it comes to their knowledge and attitudes regarding IT security.

Not surprisingly, younger folks tend to be more confident and overestimate their ability to stay safe from online security risks, according to a recent study conducted by ZoneAlarm, a unit of security vendor Check Point.

Among the 1,245 computer users surveyed, 40% were 18-25 years old, 20% were 56-65, and the rest were 36-65.

While a third of the users in the oldest group admitted they were “very concerned” about security and privacy issues, just 20% of the younger users said the same. Also, 58% of the 56-65 group said security was their most important tech consideration, compared to just 31% of the youngest group.

Younger respondents were also more likely to claim they were knowledgeable about IT security and less likely to use antivirus software and other security tools.

However, that confidence may be to blame for the fact that users in the younger age group were most likely to have experienced malware infections and other IT security incidents. Half of those respondents had experienced some type of security breach in the past two years, compared to 42% of the oldest group.

Many IT departments struggle with getting users to follow security rules and practices because some users believe they know it all when it comes to security.

Therefore, the best method for IT security education may be to take different approaches for different groups, focusing on awareness for those who think they’re immune to security risks, and knowledge for those who are less technically savvy.

For the former group, some experts recommend that the IT staff conduct harmless security attacks against users — for example, in-house phishing attacks in which an IT employee plays the role of a cybercriminal — to show them they might not know everything after all.