I’ve been working on some security awareness training material for TeraByte IT over the last few weeks, with the goal of releasing it as a service once it’s completed, as there appears to be an ever-increasing demand for it from employers covering all sectors.
This got me thinking about security awareness in general, so I decided to ask some people I know who are not in the IT security industry whether they think they are security aware at home and in the workplace.
We discussed what they think security awareness is and how they handle the security of their assets, whether it’s a password, social media feeds or bank details, to name a few. We also discussed whether they use the same discipline for business use as they do at home. From my discussions it was found that people do handle home and work security differently.
Is this a good thing? Should this be encouraged? My thoughts are that people should be discouraged from separating home and business security practices and should instead start using the same security best practices whether they are at home, in the workplace or out and about in public places.
Surprisingly, the people I was speaking to still use weak passwords for the majority of things, which wouldn’t take long to crack, and to cap it off still use these passwords across multiple sites. When talking about password managers, their initial thoughts were “what’s that then?” Then, after hearing about what they actually do and having a minute to think about them, they came to the thought that it adds another layer of complexity to their online browsing habits, something that they wouldn’t like to use.
When asked why they don’t use the same security habits for home and work use, the majority of people were replying with “because that’s what I was shown at work”.
My thoughts are that with the increasing rise in ransomware and malware and everything else that ends in ware, users should be shown what is good and what is bad when working with computers. They should be taught the pros and cons of why you should be using unique passwords for every site, why you should be using password managers and why it will become easier if you use the same mentality between home and work.
I’d like to hear your thoughts on this matter. What do you think is important from security awareness training? Do you think it’s necessary? Does your business already utilise security awareness training?