One of the greatest security threats to information and data breaches could actually come from within your organization. End users are often the culprit of security breaches in the enterprise.
It is not always disgruntled workers and corporate spies who are a threat but many times, it is the uninformed employee. The focus will be on uninformed users who can do harm to your network by visiting websites infected with malware, opening attachments from unknown senders, responding to phishing e-mails, storing their login information in an unsecured location, or even giving out sensitive information over the phone when exposed to social engineering. One of the best ways to make sure company employees will not make costly errors in regard to information security is to establishment company-wide user awareness security training initiatives that include, but are not limited to classroom style training sessions, security awareness website(s), helpful hints via e-mail, or even posters. These methods can help ensure employees have a solid understanding of company security policy, procedure and best practices.
IT departments can combat these threats by implementing threat detection, malware protection, network protection and host of tools but the key is to educate your employees on threats and how to avoid them through end-user security awareness training.
GDS Consulting can develop a training program that provides targeted and effective training to your employees. A lack of end user training regarding acceptable use and unsafe behaviour can introduce risk to an organization. Training on a regular basis can help employees avoid behaviours that might lead to data loss or system compromise.