Companies from all sectors, and of all sizes, should pay special attention to educating both technical and non-technical staff in information security and data protection.
Alan Calder, CEO of IT Governance, is of the opinion that staff are, increasingly, going to be the weakest link in terms of information security.
“As technical defences improve, so attackers will increasingly resort to ever more sophisticated spear phishing attacks, to social engineering, and so on – so staff education, awareness and training are essential.”
Calder’s point of view is shared by many of his peers, and organisations are being encouraged to invest more in staff information security training in the future. Promoting the development of “a cadre of skilled cyber security professionals” has been also deemed a priority in the UK Government Cyber Security Strategy published in November 2011.
Calder says, “Poorly-trained technical staff may mean inadequate technical security. This, inevitably, makes any organisation more vulnerable to cyber attacks and Data Protection Act breaches. On the other hand, poorly-trained front-line staff may mean the organisation is wide open to phishing, pharming and social engineering attacks.”
“Data shows that insider attacks are responsible for, perhaps, half of all breaches.” continues Calder. “This means that data-handling staff, HR staff, supervisory and other management staff, all need also be appropriately trained. However, senior management is ultimately responsible for raising information security awareness with non-technical staff and providing technical staff with the opportunity to acquire the necessary qualifications.”
IT Governance is well known for its comprehensive professional services in the information security domain. The organisation has been delivering both classroom and in-house training courses for many years now, and has been recognised for its experienced and knowledgeable trainers.
A schedule of IT Governance’s foundation and advanced level certified training courses is available on their website here: www.itgovernance.co.uk/training.aspx.
IT Governance also provides in-house staff training for both technical and non-technical staff.
Its in-house training courses can be tailored to the organisation’s specific needs, business environment and projects to ensure that staff play an effective, on-going role in securing their company’s corporate information.
In-house training is undoubtedly the most cost-effective method for an organisation to train a number of staff to a common standard. Tangible benefits include reduced training costs, lack of travel and hotel fees, as well as full flexibility in terms of timing of the sessions.
For non-technical staff, the company also offers the convenience of e-learning to raise awareness in particular subject areas, such as information security, data protection or the payment card industry standard (PCI DSS). E-learning requires minimal administrative organisation, and employees can do the training in their own time and at their own pace.
To find out more about IT Governance’s e-learning courses services visit www.itgovernance.co.uk/itg-elearning.aspx.
Organisations interested in the IT Governance training and e-learning services can call the friendly customer service team on 0845 0701750.
*******
FOR FURTHER INFORMATION
Desi Aleksandrova - Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk