Security Awareness Training: The First Line of Defense

Adam Cravedi
Jun 3, 2015 10:29:40 AM

Compass IT security auditors are often asked if there is a single “most important” factor involved in safeguarding a business’s data assets.

To be sure, trade magazines and “tech-channels” are often promoting the latest IT security cure-all. But, while these solutions can go a long way toward hardening system networks, many require dedicated IT staff (and maybe even a few IT All-stars) just to configure and maintain.

So where does that leave small and medium-sized enterprises that are subject to the same threats as Fortune 500 companies, but lack the resources to employ a 100-man-strong IT army?

For these clients, defending against cyber attack demands an optimal use of resources, and few solutions, technical or otherwise, are more cost-effective than a well-trained and prepared employee.

After all, research shows time and again that the weakest link in network systems is almost invariably their propensity for human error. This is especially so in a high-speed information-driven environment, where email and Internet traffic account for the majority of demands on IT infrastructure.

Indeed, most hackers today work to exploit these channels—by crafting realistic email messages or compromising a favorite website, they entice users to click on links that covertly install viruses, worms, back-door Trojans, key-loggers, and other malicious code. Why spend hours, days or even weeks attempting to bust a company’s perimeter defenses, when a simple email could yield the keys to the kingdom?

And once malware is on the inside, all bets are off.

Countering this kind of attack requires that its targets—network users—be aware that threats are out there and have the knowledge to recognize (or at least suspect) when the enemy might be at the gate.

Thus, regular security awareness training about emerging threats and ploys is essential.

Of course, a robust IT security curriculum is only one component in any comprehensive information security program. And all organizations must deploy a range of perimeter defenses, including firewalls; current and updated antivirus/antimalware software on all computer systems; appropriate user access controls; and up-to-date hardware and software systems, to name only a few.

In a world characterized by a proliferation of cyber threats, where a single breach can lead to proprietary information being sold to the highest bidder on the black market, and irreparable harm to your organization’s reputation, advance preparedness training may be the closest thing to a silver bullet our industry has.

To find out how Compass can help prepare your employees to become your first line of defense against threats to your information, please download the Compass Security Training brochure:

Download Compass' Security Training Brochure
