According to Ponemon Institute, a data protection research organization, about 88 percent of all data breaches in 2008 were attributed to “insider” negligence. And with businesses already in crisis mode due to current economic conditions, they really can’t afford to part with the estimated $6.6 million lost in a typical breach.
To address these issues and create a set of best practices, Symantec recently updated its Security Awareness Program.
“It really is for the end user in an organization,” said Lee Futch, principal product manager at Symantec Education Services. “[It] helps employees understand their responsibilities and how they should behave so that they can help protect a company’s information and critical data.
“A big vulnerability for malicious threat is [employee behavior],” she added. “Employees really want to do the right thing — and [the program] just helps educate them so that they’re not being careless or dangerous in the workplace.”
Touching on topics as basic as creating a more robust password and safely surfing the Internet, to more advanced issues relating to reducing internal negligence and protecting against outside attacks, the Awareness Program is designed to engage learners in a time-efficient manner so companies can meet compliance regulations.
“It really addresses some of the dangers with the new, more mobile workforce,” Futch said. “So if you bring in a thumb drive that you were using at home, and you don’t know good practices, you could be introducing something inadvertently by using that thumb drive at work if you picked up something on your [home] computer. So it actually makes people more secure at home, as well.”
The latest update to the program has condensed the content into a single 90-minute online module, while maintaining the core subject matter.
“[This streamlining] is helpful for organizations who are very conscious of the workforce productivity,” Futch said, which is especially crucial in today’s economic environment.
Other new features include a searchable transcript, interactive content and compatibility with learning management systems, so companies can track employee participation and scores to prove compliance. Companies also can customize the content by inserting their own links to company-specific policies and procedures related to data security. Additionally, they can opt for more specific technical content to fit their unique needs.
Futch said the program is used across all industries — including state and local government, universities and manufacturing — but the highest use comes from the finance industry, which has tighter regulations and frequent audits.
Symantec is continually updating the Awareness Program, and Futch said future offerings might address specific industries’ needs.
For example, “something that we might look at in the future would be training needs specific to the health care industry,” she said. “[The Security Awareness Program is] kind of a living content; it’s constantly updated as customers’ needs evolve.”
– Mpolakowski, firstname.lastname@example.org