Skip to main content

Are You Doing Enough To Educate Employees On Security Risks?

By June 16, 2016May 25th, 2021Blog, Cybersecurity

AreXYouXDoingXEnoughXToXEducateXEmployeesXOnXSecurityXRisksYour employees are both your company’s greatest asset and your biggest potential security risk. In a recent study conducted by Experian Data Breach Resolution and Ponemon Institute, it was found that 55% of companies surveyed have experienced one or more security incidents where the catalyzing event was a negligent or malicious employee.

The study also revealed a few disturbing disconnects. For example, 60% of the companies surveyed believe that their employees have no significant knowledge of their company’s security risks, despite the fact that the overwhelming majority of companies offer training in this area. This is in stark contrast to the mere 35% of senior management who see employee education on corporate security risks as a priority.

Less than half (46%) of surveyed companies make security training mandatory, but here again, we find another disturbing disconnect. The quality of security training programs varies wildly depending on the company conducting the training. Cloud-based security protocols are only covered in 29% of training courses offered, barely a third (38%) cover mobile device security, and just 49% cover social engineering and phishing attacks, which are far and away the most common and pervasive security threats faced by companies today. Taken together, it’s no wonder that only half of the companies participating in the survey strongly agreed that the security training they offer actually does anything to reduce noncompliant security behaviors.

All of this paints a disturbing picture of the state of corporate security training, but it also points to a tremendous opportunity. If you’re looking for a cost-effective way to improve security at your firm, two things need to happen. First, the company you hire to conduct training needs to be carefully and thoroughly vetted, in order to ensure that the training offered covers the specific risks that your company regularly faces. Second, upper management absolutely must get behind it. One or the other is not enough. In order to be successful, both of these need to be in place to have a successful program.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.