How to secure data by addressing the human element

By Thor Olavsrud, CIO | IT Management, security awareness

Spitzner also recommends avoiding monolithic, hours-long training. Instead, he says, take a modular approach to topics. The modules could be as short as three to five minutes. Primary training should consist of a mix of short videos and onsite training, with newsletters and even sanctioned phishing assessments for reinforcement. Facebook feeds, Twitter feeds, posters and flyers can also play a role. It's important that employees receive primary training once a year and then reinforcement through continuous touchpoints throughout the year, Spitzner says.

Finally, the program requires metrics that measure employee engagement with the program and how their behavior changes as a result. The program should be reevaluated and updated at least once a year based on the metrics.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com. Follow Thor on Twitter @ThorOlavsrud. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Thor at tolavsrud@cio.com



Originally published on CIO.