Education, Education, Education – that was the mantra of Tony Blair and the labour party back in 1997. Their aim was to focus the electoate’s attention on the poor state of the UK’s school system. Their goal, or at least their claimed goal, was to lay down core improvements which would enable the UK to lead the world through effective education of future generations.
But education is an important aspect in all areas of life and shouldn’t stop when we leave school, college or university.
Many businesses and other organisations spend huge amount of time and money educating their employees on various aspects of their business operations – technical training for their specific roles, training on health and safety procedures, on company processes and even sometimes on company policies or legal and regulatory responsibilities.
But how many educate their employees, staff and managers on good information security practices? On understanding what information security actually means, why it is so important to the employees and the organisation, on who the threats are and then how to mitigate the risks?
Information security starts and ends with people. They define the processes and procedures, they are involved in protecting information, they are the most effective safeguard you have and they are the responders when an incident occurs.
But they are also the weakest link in the security chain which is why it is essential to invest in their education.
Properly trained staff, who understand information security issues as well as their own roles and responsibilities are the best defence against your organisation suffering a security breach.
They are capable of assessing situations, reacting to incidents, improving processes and handling problems far more effectively than any electronic device or computer software.
And yet most organisations are willing to spend far more on technical security measures and IT systems than on training and awareness solutions even though such solutions are likely to prove a better investment and may indeed save the business far more in the long run.