In the last several years, more and more of my employee
security training comes with a link to an online course. Some of the courses are minimal and take a
matter of minutes to read and to take the final quiz to confirm that I read and
comprehended the material. Other
training materials takes hours and days to complete.
Who has time to do all that training and also get their jobs
done? Why does my company keep on
insisting that I take the same training over and over each year? What is the point?
Well, the point is that people tend to forget things if they
are not reminded. The use it or lose it
mentality is very true. If I don’t have
those reminders every once in a while, I am very likely to forget some
important aspects of keeping things secure at work and even at home on my
personal computer. Also, things change
and if this material is not kept up-to-date, I am not likely to find out about new
security threats to me and my company.
About a year ago my company started having pop-ups with
security hints come up each day when I logged onto the network. At first I read each one because it
interested me. Now, I cannot even tell
you if those pop-ups come up anymore.
After a while I found them irritating.
Soon, I stopped reading them altogether.
Now I cannot even tell you if I get them anymore. I compare this to being deep in thought and
driving home and realizing that I traveled a great distance without consciously
thinking about where I was. Because I am
focused on starting work when I log on in the morning, I don’t notice the
detail of whether I closed a pop-up when I first logged on. Tomorrow morning I am definitely going to pay
attention and see if that pop-up appears when I log on.
The information security department is also sending out
periodic newsletters with interesting relevant topics that include things that
I can do at home as well as at work to protect my information. I always read those and always get a lot from
doing so.
So, next time you are annoyed by having to do that training
at work, realize that it is to protect you and the company from security
risks.
Information security is everyone’s business!
No comments:
Post a Comment