Customized Security Training Protects Corporations Against Data Disclosures

By April 17, 2008

An organization seeking to prevent corporate data leaks is advised to customize security training based on an employee’s job function. A recent InfoWorld article outlines why experts believe customized employee training can p

revent data loss. Because everyone at a company from security guards to IT staff to high-level executives have the ability to override security measures, tailoring security training for every department can strengthen data loss prevention efforts. Well-trained employees can not only prevent non-employees with fake IDs from entering the building, but can also avoid unknowingly revealing company information through messaging systems (i.e. e-mail, instant messaging, and FTP systems).

One expert, Bruce Schneier, is a security expert in Mountain View, Calif. who likens effective corporate IT protection to security management in casinos. "If you look at a casino floor, you will notice immediately that people are watching people," he says as reported by InfoWorld. "That's because a lot of cash is moving, and it's moving very quickly."

Similarly, a corporation should monitor every employee to prevent mistakes from occurring. "People are the weakest link in security. They always have been, and you will never change that," Schneier says.

Each person employed by an organization works on some level with corporate assets and has a responsibility to protect those assets. An organization that effectively educates their employees as to their duties and how to successfully manage the risks of their job is least likely to confront data leaks.

What’s more, IT security managers are advised to explain to workers that security measures exist for the benefit of both employer and employee.

"If employees realize they could lose their jobs over something that could have been prevented by practicing common-sense security measures, they are given extra incentive to play by the rules," notes Eddie Zeitler, executive director of International Information Systems Security Certification Consortium Inc. in Palm Harbor, Florida.

A corporation is only as strong as its employees. Thus, effectively communicating to and training employees will ultimately reduce the risk of security breaches and create a safer work environment.

By Kathleen Clark
For comments on this article,
email us at

Legal mentions © L’Atelier BNP Paribas