Security Awareness Training

Security industry experts have varying opinions on the usefulness of security awareness training, but many of the high profile data breaches stem from attackers relying on the human fallibility of employees. Attackers are getting better at using social engineering to trick users into giving up their account credentials or opening a malicious attachment or link. Solution providers should be able to conduct managed phishing testing and survey employees to identify misconceptions and poorly communicated security policies. Proponents of security awareness training say education must be sustained and supported by executive leadership within the organization in order to prompt a positive culture change. Training programs often include a mixture of ongoing phishing tests, on-demand training and regularly scheduled seminars.