IT Security Training: Two-Thirds of Companies Prefer It In-House
"What kind of security training does your company do?" It's a common question, and the answers can vary. Do you know if your security training helps your employees to avoid attacks? For midsize companies, it can be a difficult decision to choose between keeping it in-house or using a third-party provider. This article takes a deep dive to look at the concerns of midsize companies, and if they really are covering all of their security bases.
By Doug Bonderud
More than agility or even compliance, security remains a top priority for midsize IT admins, especially as cloud computing, mobile device use and outsourced technology services become the norm. What's more, security is one area where many companies are reluctant to give up control, preferring instead to keep all IT security training in-house. But does staying away from service providers really improve information safety, or are businesses doing themselves a disservice by keeping security so close to the chest?
By the Numbers
According to a recent Kaspersky Lab survey, 65 percent of businesses prefer to conduct their security training in-house. Only 12 percent used a third-party consultant, and four percent said they do not train staff in IT security at all. It is hardly surprising, then, that 85 percent of respondents also reported an internal security breach over the last year, and 91 percent reported an external issue. What is the disconnect?
Part of the problem is time. Many midsize IT admins are burdened with cloud transition efforts, updating legacy systems and ensuring CRM and other software-as-a-service products are working as intended. Adding security to an already full plate means something has to give. In addition, IT staffers are not trained to be trainers; this makes it difficult for them to devise an easily understood curriculum and capture employee interest. With the average bill for a midsize security breach or data loss coming in at around $50,000, it is critical for companies to consider not just what they are teaching employees, but how they are presenting the material.