When was the last time you thought about the content of your company’s security training? If it’s been a while, it’s time to take another look. It’s not enough to have a security training program in place; you also need to revisit your training to make sure it addresses current security threats and best practices. Some companies are still using training programs that warn against outdated issues like improper disposal of CD-ROMs, but do not address current issues like cloud security.
The Importance of Cloud Security Training
It probably isn’t news to you that your company relies heavily on cloud technology. However, you may not be aware of how many cloud applications you’re using. One report found that the average company uses 738 cloud services — over 10 times more than the IT department realizes. And that doesn’t count the cloud services your employees are using, including social media, photo sharing, and email platforms. These cloud services likely contain sensitive information about your customers, your employees, and your business.
Cloud security software is one vital component of a comprehensive security program. Cloud security training is another.
When to Conduct Cloud Security Training
The Payment Card Industry Security Standards Council recommends that employees receive annual security training. This training should also be part of your on-boarding process. In addition to filling out tax paperwork and signing off on a copy of the employee handbook, every new hire should learn how to identify a security threat, and how to handle it in accordance with company policy.
In addition to new hire and annual training, InformationWeek Dark Reading senior editor Sara Peters recommends conducting security drills to test employees’ skills and vulnerabilities. Such drills allow your team to put their training into practice, and help you identify potential weaknesses in your training and policy.
How to Deliver Cloud Security Training
Effective training means thinking beyond a single company-wide meeting. Organize employees in smaller groups; this may mean tailoring training for each department, or creating cross-departmental groups that encourage collaboration and diverse perspectives.
Creating customized security training for specific user groups requires more effort than bringing in a third-party, one-size-fits-all training program. But as Thor Olavsrud explains in CSO Online, employees need to understand how security threats affect them and feel that they have a critical role to play in preventing breaches. “It’s not enough to communicate what they should do, you need to help them understand why the behavior is important and help them feel ownership so they can recognize key moments and make the right decisions.”
Several of the top cloud security threats currently faced by businesses involve tricking employees into giving up sensitive information. These scams may involve emails in which a hacker impersonates a company executive, compromised credentials resulting from weak passwords or poor access management, or malware embedded in what appears to be a harmless music or app download.
Don’t rely on your IT department to identify and thwart security problems. Invest your resources in a comprehensive cloud security training program for every employee, so your company doesn’t become a cautionary tale.