To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/itdirector/0,39024673,39120123,00.htm

Leader: Don't blame your staff – train them
If your workers are security dunces, it's no one's fault but your own

By silicon.com

Published: Tuesday 20 April 2004

When it comes to protecting your corporate network from security threats, bosses can make their staff their best friend or their worst enemy.

A new training course launched today targets the average user and teaches them how to avoid the common or garden security threats and behaviour that bring down networks on an all-too-regular basis.

The course is aimed at office juniors who are a bit too friendly with peer-to-peer networks, admin staff that are a bit too ready to open suspicious attachments - you get the idea.

The launch of the training programme comes on the same day that the DTI revealed UK businesses are taking a more and more lax attitude to monitoring their staff access to the internet and staff are spending more and more time abusing security, whether deliberately or accidentally.

And while it's all too easy for the tech team to point the finger and label staff that aren't in the technological know as 'typical users' with a world-weary shake of the head, it doesn't really help prevent the problem.

Users do need to be educated. Not everyone may need a training course but keeping them up to date with the latest threats, particularly viruses or phishing will help to cut down on security breaches, as will a jargon-free and well-publicised acceptable usage guide.

Training isn't a replacement for technological measures. Companies will always need firewalls, antivirus protection and spam filtering. Getting virus software and patches to update automatically on staff PCs cuts out the opportunity for the less well-informed to accidentally also make vulnerable a network.

Unfortunately, hackers are quick on the uptake – they know companies are getting better technology at the gateway and that's why they're increasingly relying on social engineering to break in. Simply educating your staff - about opening emails when they don't recognise the sender or sharing passwords - can stop the social engineers and virus writers in their tracks.

When it comes to security, knowledge is power. It's also good news for your bottom line.