Lots of vendors offer employee training that, they say, will be your company’s first line of defense against system security attacks. Does the training deliver what’s promised?
To answer the question, consider the results of an experiment several years ago called “Carronade.” Researchers trained cadets at West Point to avoid computer use that could lead to system breaches. In particular, the cadets were warned about the security hazards of clicking on links in “phishing” emails.
So what happened after the cadets completed the training and then were sent suspect emails with dangerous links? You guessed it: Nearly 90% ignored the training and clicked on the links.
More recently, a company called RSA, a maker of security software, got embarrassed when employees opened up a virus-laden Word document.
The stories underscore the idea that average computer users don’t pay a lot of attention to training and warnings about attacks on system security. For real security, you’ll probably have to rely on your core IT people.