To prevent the installation of malware, viruses, spyware and other havoc-causing computer processes, IT corporate training initiatives must inform staff of the risks and get their buy-in. All too often, systems crash because an employee was negligent, causing an IT security nightmare.
The challenge is that some employees resist being told what to do, and the more you try to instill rules, the more resistance you’ll encounter. To resolve this, avoid rules and train staff using case scenarios.
Create a scenario by first setting the stage and then offering participants three options for the next step. For example:
You are creating a document that requires the insertion of photos. The photos you have are not the correct size or shape. You want to download the latest version of the photo editing software you use at home. Should you:
Other examples of security breaches are: downloading and/or forwarding email attachments from unfamiliar sources, password sharing, responding to phishing emails, and so on.
Make the IT training interactive by breaking into groups and having each group come to a consensus on the correct option to choose. Ask each group to document the pros and cons of each option, present them to the larger group and conclude with the option they’ve chosen as a group.
After a debrief from each group, provide the participants with the details of real instances when employees in the company have chosen options that created security problems or put a strain on IT resources. When employees clearly understand the consequences of their actions or inactions, they are less resistant to policies. The more dramatic examples of IT horror stories will have the best impact, e.g. emails not being delivered, server crashes, etc.
IT managers tend to like black-and-white rules and compliance, with clear consequences for non-compliance. While that approach may work with like-minded individuals, it does not always work with employees who prefer less structure to allow for creativity. Using adult education principles, deliver IT security training with the case study approach, and IT managers may find a higher level of compliance when the emphasis shifts from following rules to understanding the implications of IT choices.