The training side of identity and access management
May 6, 2014

Data breaches continue to be some of the more common threats facing businesses in the modern market, and the constant stream of new risks has shown no sign of slowing down thus far. Enterprises must become more proactive in their identity and access management strategies, or run the risk of falling victim to serious instances of theft and loss that damage reputations and cause significant financial problems. 

One of the prevailing reasons why cybercriminals have been able to run amok in the private and public sectors is the continued use of traditional passwords and credentials, which are easily lost or cracked. The use of more advanced and proven solutions such as authentication tools can quickly reduce the risk of data breach for any company, regardless of the industry in which it competes.

However, the other side of the coin, which is overlooked even more often, is the need for employee awareness and training programs that teach Internet and device security best practices. Studies from various firms have indicated that the most common cause of breach is employee error, and this significant threat can be mitigated by investing a little time and resources into staff member development.

Still not getting the point
Help Net Security recently reported that a new study, released by Enterprise Management Associates, revealed that very few companies have started to deliver security training to their employees despite the common knowledge that this is a critical undertaking. Poor awareness and a lack of security training generally translate directly to lackluster and dangerous practices on the part of the average employee, leaving systems and data vulnerable to breach.

According to the news provider, 30 percent of the employees surveyed stated they leave their mobile devices in their cars unattended, which is a scary figure considering the biggest threat of BYOD is a lost or stolen smartphone, tablet or portable computer. What's more, 59 percent of the group studied were found to store work information in insecure cloud-based environments, while 35 percent have clicked a link within an email that was delivered by an unknown sender.

When looking at these figures, it is not surprising that the study also revealed roughly 56 percent of the employees surveyed stated that they have never received any type of formal or informal security awareness training, the source noted. 

"People repeatedly have been shown as the weak link in the security program," David Monahan, research director of EMA, explained, according to Help Net Security. "Without training, people will click on links in email and release sensitive information in any number of ways. In most cases they don't realize what they are doing is wrong until a third-party makes them aware of it."

The researchers also worked to decipher what would make for a strong awareness program, and the news provider stated that employees are demanding intuitive, straightforward materials that are easy to understand. 

Get comprehensive
By combining employee security training investments with more modernized approaches to account and device protection, businesses can quickly begin to reduce their risk in the current market. For one, network authentication, as well as enhanced controls of accounts and data, can cover the backend systems and storage environments that are put at risk when a mistake is made. 

Additionally, a well-informed workforce that has gone through the security training process will begin to reduce the number of times an error occurs, thus working to mitigate threats on both sides of the coin. In the coming years, those companies that take the most proactive and comprehensive approaches to identity management will likely experience the fewest issues.