You can have the strongest security in the world, but if your own employees are not doing what they can to ensure security policies and standards are implemented, then your security is not going to be very strong at all.
CNET writes: “People are the weakest link,” said Chris Pick, vice president of market strategy at security and systems-management company NetIQ and co-founder of Human Firewall, an educational and informational Web site now operated by the Information Systems Security Association, or ISSA. “Education is the first line of defense.”
But apparently not many companies are following that playbook.
Last year, the Human Firewall Security Awareness Index Survey found that 48 percent of the companies participating in the survey had never provided formal security training for their work force, Pick said. And of those companies that had, only 15 percent had provided such training in the previous six months. The National Cyber Security Partnership seems to be aware of the problem too. In March, the group urged companies to adopt more security education.
PC users are frequently pinpointed as the weakest link in the security chain. A recent survey of developers conducted by Evans Data, a market intelligence firm, found that one in four believed that the biggest barrier to computer security is users refusing to follow policies. Nearly one in 10 developers thought security solutions were too complex for the average user.
The lack of an informed work force can be costly for a company, since technology can only go so far in protecting a network, security experts said.
“Unfortunately, people are still not thinking before opening an (e-mail) attachment. Every time a new virus comes out, people go out and do the same thing they shouldn’t be doing,” said Mike Breth, IT audit manager for the Westfield Group, an insurance and financial services company.