How many of us have written little password reminders on sticky notes? Working in an office environment - I have seen quite a few screens covered in these notes. This type of issue should be dealt with in a simple security training course offered by all organizations. With all of the advances in technology - now it is even more important to address the need for strict security controls and raise awarenes for security protection.
Security Training is a Wise Investment
The current economic climate is forcing companies to choose which programs they need to discontinue. While it might seem like an area where a company can save a few dollars - Security Training should not be where an organization withdraws their support from. Employee and contractor behavior is the primary source of costly data breaches. It's also the best way to prevent loss.
Security Awareness Isn't Just a Good Idea, It's the Law
Besides being good company practice, raising security awareness is not just a great idea. There are also laws that require companies to provide training in this area.
Some Laws requiring security and privacy awareness or training programs apply to:
- The Federal Government (Federal Information System Security Managers' Act)
- The health care industry (Health Insurance Portability and Accountability Act)
- Financial institutions (Gramm-Leach-Bliley Act and Sarbanes-Oxley Act)
- Publicly-traded companies (Sarbanes-Oxley Act)
Inexpensive Tools to Get You Started
Here are some inexpensive ways you can raise security awareness in your organization:- Posters
- Free On-line training courses
- Company meetings
- Government pamphlets
- YouTube Videos offer another free source
This is a great YouTube video I found showing an actual product that is being sold called the Password Reminder. It was featured on the Ellen show:
Some links for more information:
InfoSec Institute
Sophos - Security Do's and Dont's
Security Breach Examples
No comments:
Post a Comment