Despite the wealth of information that has been released in the past several years indicating that employees are the most significant information technology security liabilities for the average business, companies remain negligent in their training practices. With all of the new technology that is being implemented, both in terms of cloud computing and unified communications, one might think that staff awareness and professional development would be a high priority for the average corporate decision-maker.
However, conventional wisdom defies these notions, as similar occurrences have taken place throughout the past 14 years or so that fall directly in line with this kind of activity among business owners. For example, studies released in the mid-2000s revealed that the average small business is only one major instance of service disruption or data loss away from closing its doors forever, yet this did not stimulate widespread investments in security technology.
Rather, to this day, researchers and analysts believe that the average small and medium-sized business remains dramatically unprepared to handle a natural disaster or other adverse event that threatens systems and data. Working with this same line of thinking, the average cost of data breach continues to rise, and numerous studies have indicated that staff member negligence or error have persisted as the most common causes of these issues for the past seven years.
Small business owners should remind themselves of the differences between preventing a major instance of data breach and trying to fight back from one of these events. Simply put, the financial damage that is directly incurred when information is stolen or exposed, as well as the indirect costs of reputation and brand management losses, are exceptionally high, especially when compared to the more affordable costs of simply developing staff members.
When cloud services and other technologies are being implemented and used by employees, businesses must not fall into the category of apathy or negligence.
But everyone else is (not) doing it
Help Net Security recently reported that a new study from Enterprise Management Associates revealed just how lackluster the average organization is performing in terms of IT security training and awareness. According to the news provider, more than half of the parties surveyed stated that they had never received any form of security training, and this lack of knowledge generally translated to widespread participation in precarious activities.
For example, roughly one-third of the survey group stated that they leave smartphones and tablets unattended in their vehicles, use the same passwords for various accounts and devices or click on links sent from parties they do not know. These three issues are among the most dangerous in the current IT security landscape, as lost or stolen devices, account takeovers and malware are some of the favorite pathways to corporate data among the average hacker.
Those who were conducting training sessions were not necessarily all that and a bag of chips, either. Help Net Security explained that compared to the 56 percent of employees who did not receive any type of training, a further 45 percent only get these types of lessons once a year. Small business owners should take a minute to look around their offices and see just how many utilities have been deployed since the last training session.
"People repeatedly have been shown as the weak link in the security program. Without training, people will click on links in email and release sensitive information in any number of ways," said David Monahan, EMA's research director, according to the source. "In most cases they don't realize what they are doing is wrong until a third party makes them aware of it. In reality, organizations that fail to train their people are doing their business, their personnel and, quite frankly, the Internet as a whole a disservice because their employees not only make poor security decisions at work but also at home on their personal computing devices as well."
Take your investments seriously
Small and medium-sized businesses continue to spend more budget than ever before on cloud services, enterprise mobility, big data and unified communications solutions. Not training employees in the best practices of these technologies is not only a security liability, it is also a sign that optimal utilization will simply not be met across all departments and among the entirety of staff.
Now, it is important to note that cloud services providers are making the solutions more intuitive and affordable than ever before, and that this is leading to more straightforward experiences among users. However, this does not translate to a complete lack of need for proficiency among staff members in these often easy-to-use technologies.
To protect investments and ensure the highest returns on these corporate expenditures, businesses must commit to a more intelligent workforce and overall improved sense of awareness from the organizational standpoint.