Security Training Isn't Happening as Often as It Should Be
Tuesday, October 17, 2017 - 1 PM PDT
Infosecurity Magazine Explains:
Human error and lack of internal security awareness are the biggest sources of data breaches and risk to organizations. Yet 78% of SMBs conduct security training just once a year (or less).
According to Shred-it’s 2016 Security Tracker survey (conducted by Ipsos), US companies are failing to prioritize employee training to mitigate fraud and breaches. It’s not just a small business problem either: Half (51%) of C-suite respondents report they only conduct employee training for information security practices once a year or less as well.
More than a quarter (28%) report they have never trained employees on legal compliance requirements or company information security procedures. And 22% only conduct training on an ad-hoc basis.
Given that experts suggest employees can forget 90% of training information within a week, training once a year is a wildly insufficient practice for effective security awareness.