I believe corporate security isn't a one man job; it takes an army of trained employees to combat the electronic threats of today. These employees don't always have to be highly skilled security analysts or engineers either. A company's greatest asset for defending their data and trade secrets sits at every desk within the organization. It just takes a little training to help them become security heroes.
Building a well-balanced security training program is the first step to providing your employees with the knowledge to help defend the organization. This starts by allotting time and a small budget to the security department, allowing the IT Security Manager to properly research and develop training material which would be useful for the average person. Much of the training out there today is structured for a security professional, and would not be appropriate for average employees. The training materials should be clear, concise, and target issues that directly concern them, in a language that they can understand. Examples of topics which could be included in the training are email phishing, appropriate computer usage, password management, and proper data handling in and out of the office. The training should be fun, and focus on what they can do to help the organization stay safe. Also, the training should providing information which could be used in their personal life, like PIN number selection and securing their personal computers.
With a training program in place, it is important to get key executives involved. They should be the ones to announce and attend the new security training program first. As with anything in an organization, taking the top-down approach to this new program will help ensure its success. Once executives have attended the training session, comments and suggestions about what was presented should be addressed, and correction made to the material. Then, supervisors and employees should be required to attend the training. It is important that the attendees be allowed to ask questions, even on security issues that affect them personally. Any question asked during the session should be evaluated and possible added to the training material. This will ensure that the employees in future sessions stay engaged with training relevant to them.
Security issues in the electronic age is ever changing and evolving. As a security concern is closed, a new technique to infiltrate the network and steal data is developed. Your training program should also be ever changing, with new training sessions presenting the latest attack trends given the employees on a regular basis. This will ensure that everyone in the company stay up-to-date with the security department's latest security concerns, and what they should be watching for.
Ensuring organizational security is not just the responsibility of the company's security team, it's an organization-wide job for all to participate in. Focusing a small amount of time and money towards training the everyday, ordinary employees will help keep your organization safe. All organization, no matter their size, should implement an employee-based security training program today.