Security awareness training: How to educate employees about spyware
October 27, 2005 Newsdesk
From Bank Info Security:
We all know the threats posed by spyware to enterprise networks: user ID and password theft, financial loss, productivity drain, intellectual property theft. Security practitioners have two defenses at their disposal: the human and the technical. While the technology for combating spyware is improving, antivirus vendors have only recently started adding functionality to target it. That means the best defense is the human one – employees and end users. They can help in the battle against spyware through security awareness training and information security policies.
Educating end users about spyware should be part of any comprehensive security awareness training. It should be part of at least half-day or, preferably, whole-day training required by all employees at all levels, from the executive suite down to the receptionists and security guards at the front door. Everybody uses a computer today. Training should be a condition of employment with mandatory attendance noted as part of annual performance reviews. As the number of security threats keeps growing every year, training should be updated annually and employees should be required to take it once a year.
To read the complete article, CLICK HERE…
December 31st, 2007 at 07:42 AM What is at issue is not the awareness, but the controls that are in place on their computers to stop or eliminate spyware. Limiting peoples activities on the Internet through the use of a proxy server and content filters helps but does not stop it. What can a user do when his company stops them from installing software…software like spybot that can stop and clean up spyware. It is then up to the company to install these type of tools to keep computers safe.
December 31st, 2007 at 07:42 AM As far as protection, the issue needs to be resolved at the gateway level where administrators have the ability to monitor and "clean" the things that come into their environments and then limit their users to only the necessary websites that enable the employees to function in their jobs. It shouldn't be up to the user to clean up their spyware issues (if they even know what spyware is) it needs to be more centrally managed than that. Doing it any other way opens the network up to endless managing of this types of issues.