People are considered the “weakest” link in an organization’s security design. Owing to human nature and the randomness that it brings, people are susceptible to carelessness, accidents, and social engineering. Training personnel, then, is a vital ongoing process in the security plan of the organization.
It is important to train each person in the organization in security, even those whose roles don’t require them to access a computer, for the following reasons:
- Every employee usually has access to the organization’s system, in however limited a capacity.
Most organizations, at the least, create an email ID for each person they employ. This is to push emergency notifications and other alerts mandated by their policies and possible state laws. It is necessary in such a case to train everyone regarding email security.
Consider a person working at the organization’s cafeteria. If he were to check his email and click on a phishing link, he risks pushing out malware across his address book, and it won’t be long before the mail servers are affected, or external mail servers blacklist the organization for spamming.
- Almost every employee has a digital identity
With most payment and banking systems being online, almost every employee has an online identity which has access to his private data: name, Social Security Number, employment details, etc.
If he were to become a victim of identity theft, the organization that has hired him risks being vulnerable too, as a malicious user claiming to be an employee can create trouble.
- Every employee is a potential social engineering target
Each person in the organization is vulnerable to social engineering through email, the telephone, social media, or in person. When an employee isn’t trained to be aware of and to identify such frauds, he could be instrumental in letting hackers in.
- Physical security is important too
Security is not just digital. A housekeeping employee who has the keys to almost every room in the organization could let in a malicious intruder.
- Hackers target everyone
Hackers can get creative in their attack plans. They are aware that organizations do not invest in training all their personnel, so they go after overlooked targets like the plant operation personnel, housekeeping staff, and temporary interns.