There has been a lot of investment in corporate IT security, especially infrastructure, observes Felix Odigie, CEO of Inspired eLearning, and it has paid off — networks are more secure. But with hackers finding it more difficult to hack the network, they have turned their attention to the weakest link: humans. “It’s easier to hack users of the network — employees, vendors, third parties — than the network,” he notes. He designed Inspired eLearning programs to make the human the firewall.
Training addresses the need of employees to be more security conscious. It covers simple tactics and recurring behavior that make it harder for employees to fall prey to malicious intent. In addition to being customizable to individual skills, the courses are customized to specific industry sectors. Financial businesses, in addition to regulatory issues, deal with anti-money-laundering; healthcare, with HIPAA compliance. Other sector-specific programs are geared to manufacturing, and to businesses that process credit cards.
The courses are designed for adaptive learning, including a threat profile assessment so the organization can gear the training to individual employees. “Some employees may be good at passwords, others at privacy or emails,” Odigie says. “The courses reinforce what they already know and train them on what they’re weak in.” This results in better use of their time, as they would not waste time taking too many classes, Odigie notes.
Observing that a deterrent to training employees in the past has been the time involved, Odigie notes, “The cost associated with the breaches is quite substantial, and companies are realizing it now.” And they need to address security awareness as a whole, which may require a cultural shift. “Businesses cannot win at the hacking game; they can’t play the hackers’ game. Therefore, they need to be better aware and better educated.”
Editor’s Note: To help protect people from becoming victims of phishing scams, the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) collects phishing email messages and website locations. Reports can be sent to phishing-report@us-cert.gov.