Basic Security Training for Employees Not Enough to Stop Data Breaches: Report
Negligent or untrained employees are responsible for a staggering number of data breaches, suggesting that workplace training programs are not doing enough to educate them. A new study conducted by Ponemon Institute on behalf of Experian suggests that 55 percent of organizations have had a security breach due to a malicious or negligent employee.
Though every company surveyed has a training program in place, only half of the companies agree or strongly agree that current employee training actually reduces noncompliant behaviors.
SEE ALSO: Human Resources May be Your Greatest Cybersecurity Weapon
While the courses offer the basics around security, only 38 percent of respondents said that the course includes mobile device security and 29 percent said the course includes training on the secure use of cloud services. Less than half (45 percent) of respondents said that the training is mandatory for employees.
In order to create a culture of security, the study recommends providing interactive games that illustrate threats for employees which can make the content easier to retain. Employees should also be given incentives around reporting security issues and protecting confidential information.
[LEARN MORE AT HostingCon with Trey Guinn on The New Encryption Landscape: Trends and How To]
The change in culture starts at the top as only 35 percent of respondents said senior management believes privacy and security training is a priority.
A minority of companies (19 percent) said their organizations actually demote employees or reduce salary, bonuses or incentives (16 percent) in the event that an employee is found responsible for a data breach.
A study last year found that inappropriate file sharing inside the organization was the most likely cause of data leakage. Eighty-four percent of companies surveyed by Enterprise Management Associates (EMA) said that they planned to improve file security through investments in training.
Source: TheWHIR