Why Security Training? (Video)

Steve Ripper of PCG talks about security training and why it’s an often overlooked, but critical part of your business’s cyber security.

So, one of the things we get asked is, “What are the things that we would recommend a company do?” and one of the things we always come up with is training. Why training? It’s usually on the bottom of companies’ lists. You spend so much money on equipment and servers and IT support people and PCs, but you almost spend no money on your employees. You give them a PC, you give them all this software, and you make them figure it out themselves. Training can really help with that. Putting a little bit of time and effort into your employees so that they are getting, “Hey, this is where you click on this, this is how you use this, these are some of the features.” Maybe you’re a medium user, you can go from a medium user to an expert user. You can really pick up a lot of tips.

Then, in every training that we do, we do find that there are people who are bewildered by it, and they really could use just the basic intro to what’s going on. They’ve been dropped into the deep end of the pool of the IT side of things, and they really could use some direction. So training the people that you have in your company. You’re spending the most money on them. Your salaries are probably one of your biggest, if not your biggest, expenditure for the company — you should, of course, be training them, teaching them, showing them where things are.

Certainly when it comes to training, the biggest training item that we work on is security, right? Getting users to understand what to do, what not to do, what to look out for, is critical because there’s an entire group of people out there, as we know, who are spending large amounts of time and money trying to trick your users. They’re trying to trap them into giving their passwords, letting them into the network. So security training will really bring your users up to a place where they’ll know what to recognize, they’ll know what to say no to, know what to refuse, what to delete, what to report.

So the truth is that no matter what we do IT-wise — firewalls, servers, software — no matter how much we’re watching, if your users let the bad guys in, there’s very little that we can do about it. So, security training is really the attempt to shore that up.