56% of users get no security, policy training

Users can be your greatest asset or your biggest vulnerability when it comes to protecting data. Surprisingly, many IT pros are more than OK with letting their users slide to the liability end of the scale. 

According to a recent survey by IT management consultants EMA, 56% of users said they receive no security or policy awareness training. And 45% of respondents reported they only get IT training once a year.

And their self-reported behavior would certainly indicate that they’re not getting the rundown:

  • 59% of users said they store company information on the private cloud
  • 58% have company information on personal devices
  • 35% clicked on links or opened attachments sent by people they don’t know
  • 33% used the same passwords for work and personal devices and accounts, and
  • 30% leave mobile devices unattended in their cars.

Training takes time

Here’s where most experts give you advice that boils down to: “Don’t have time for training? Then make time for training.” But it’s obviously not that easy. IT pros get pulled in a lot of directions, and it’s hard to prepare good user training when you’re busy making sure that systems don’t fall apart.

The good news is that even brief sessions or security updates can have huge benefits.

Here are some in-between training ideas: Not full-blown sessions, but substantial enough to get the point across.

  1. The lunch-and-learn. An optional training session to address issues that concern users could be an easy way to get folks on board with security training. A session like “Keeping your kids safe online” or “How to protect personal data from hackers” is going to get people’s interest. Once there, they’ll see the topics covered are also what will keep them safe at work.
  2. Security updates. If a news tech story catches your eye, share it with users. For instance, the recent Heartbleed bug would be a good way to remind users about password security at work and home.
  3. Keep it interactive. Quizzes and videos are good ways to keep users involved in training – in the EMA survey, 59% indicated that interactive sessions are important.
  4. Outsource it. If you don’t have the time or ability to train users, third-parties could be the way to go. Even though many are expensive, the costs pale in comparison to a data breach’s expense.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy