As a business manager, you may be wondering “Can Security Awareness Training protect my firm?” or “Do I need to be doing something more?”
You’ve probably seen Security Awareness Training. These are the programs that tell you to “use strong passwords” or “stay safe on the web.”
So, is it enough?
There are two schools of thought on this – and they both have merit.
On one side, experts talk about people being your best line of defense – but also your greatest weakness. There’s pretty good data out there showing that many cyber incidents come down to people making mistakes – they send the paperwork for the McGills to the McGillicuddies. And that’s not even considering the con artists.
Other experts say you’ll never train your way out of the risks. How did the system let you send the document? These are process failures to be fixed.
Like I say, you need both. You need Security Awareness Training for your employees including management. But your management team needs a deeper type of education to show them how to align their IT objectives with their business objectives.
In our next three videos, I’ll talk about your options in each of these areas.