Harsh education

It would seem that the recent high profile security breaches of HSBC, AmericaOnline, LexisNexus, ChoicePoint etc are making company boards sit up and take notice.

Of course, educating company management about security is one thing, but the struggle most IT managers and CSO's have today is educating users in an attempt to get security policy compliance. An annual study by the Computing Technology Association (CompTIA) has revealed that although IT security breaches due to human error remain high at 80%, organisations are doing little to educate staff to prevent future occurrences.

Of course, risks cannot be eliminated completely, but clearly communicated acceptable-use policies can do a lot to minimise the dangers. So how should firms go about educating staff?

E-learning might not be a panacea but software such as Extend's PolicyMatters, which forces staff to take a Q&A test at regular intervals, are probably the way forward.

Expect to see the use of these tools accelerate as the security stakes and legislation become more pronounced. It may not be long before locking staff out of the network if they fail to pass the test will be deployed as a very good way of getting the attention of even the most blasé of employees.