CompTIA, the IT industry’s trade association, has launched a new training program designed to combat data breaches caused directly by human error.
CyberSecure will aim to educate all employees at an organization, from receptionist right up to the CEO, in the basics of cybersecurity, the group said in a statement. According to CompTIA, human error is both the most common and the most preventable source of data breaches.
The course can be taken online and at the user’s own pace. The course’s modules were developed by CompTIA’s IT Security Community, a group of security leaders from the IT industry.
It covers six primary areas, the group said:
1. Protecting yourself and your company from information leaks: understanding the difference users can make to a company’s security and the steps they can take to make it safer.
2. Basic categories of information security threats: understanding where leaks can come from and the different types of threats.
3. Cultivating a safe information mind-set: how IT and HR policies can help instill secure behavior
4. Cultivating a safe environment: the security practices employees should adhere to in the office or working remotely.
5. Implementing safety strategies online: how practicing awareness, vigilance and scepticism will keep data safe
6. Protecting data and networks: how users can protect their businesses’ networks.
The overall aim is to educate users so they become the first line of defense at an organization. This will reduce the number of incidents that IT staff have to deal with.
“It’s clear that cybersecurity is no longer exclusively the domain of the IT security department,” said Graham Hunter, VP Certifications, Europe and Middle East, CompTIA. “The responsibility lies with all employees to be secure with their devices. This only increases as more employees work remotely and on the move.”
CompTIA’s own research found that 52% of data breaches are caused by human error, while similar research from IBM found that 95% of breaches have an element of human error attached. Further research from the Ponemon Institute found that “careless employees” were the number one cause of data breaches.
“Every business that uses IT needs to be aware of the consequences when employees don’t follow cybersecurity best practices,” said Hunter. “Time and time again, we hear of employees causing data breaches, whether that be through leaving a USB device with important data lying around, or clicking on unsolicited links in emails. Such actions are rarely malicious, but more often the result of a lack of training, lack of knowledge or simply general carelessness.”
Photo © Dean Drobot