Employee Training Boosts Security

Tuesday, February 24, 2015 @ 10:02 AM gHale


Employee training is the top way to beef up corporate information security, according to a just-released survey.

The survey, based on 2,400 chief information officers (CIOs) at companies with 100 or more employees, shows that internal workers are still the largest security risk.

Fifty-four percent of CIOs said they would boost training on security issues, according to the IT staffing firm Robert Half Technology survey.

Second on the list (45 percent) was vetting third parties with access to corporate data, followed by hiring IT security personnel (41 percent) and multifactor authentication.

Robert Half Technology said CIOs need to screen potential hires for certifications, an interest in how culture and security go together and communication skills.

“We live in an era where information security threats are a real business risk,” said John Reed, senior executive director of Robert Half Technology. “CIOs are attacking the problem from all sides, but there is a strong emphasis on employee-driven measures. Vigilant IT teams and security-savvy individuals throughout the organization are a valuable and fundamental defense; without both, other courses of action will be less effective.”

Robert Half Technology offers the three attributes of effective security employees and what to ask them:
1. Discuss the candidate’s use of proven methodologies, best practices and risk intelligence in previous roles and assess how they would apply them in your company. Ask: “How would you create a security-conscious culture in our business?”
2. A well-rounded security professional will have certifications mentioned on his or her resume, such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) and CompTIA. Certifications show an investment, but how did they apply that knowledge to real-time applications? Ask: “How have your security certifications prepared you for this role?”
3. IT security professionals should have impeccable communication skills. Externally, they should be building solid relationships with firms and vendors that have access to company data or may be brought on to help with security efforts. Internally, they should be able to raise awareness of potential threats and explain security measures in a way that will help guide employee behaviors. Ask: “What would be your communications approach around security, potential threats and best practices to senior leadership and employees companywide?”