Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Information Age Education, Training and Awareness

By Ed Appel
September 1, 2009


It’s an automated world. What are the implications for training the workforce for a secure Information Age? How can an employer educate information technology (IT) users?
This article isn’t about Web-based training, though that topic is worth 1,000 words. This is about an unmet challenge for nearly every CSO:  Has your information security training succeeded? Are you sure?
     
Today’s enterprise is overwhelmingly automated, and its assets are ensconced in servers and workstations. Most new employees are made trusted users, with access to invaluable information systems, networks and data, on their first day. Yet, few applicants are asked if they ever got in trouble for misusing computers.  Few include their virtual identities on applications in the list of aliases they use. Other than President Barak Obama, few employers ask candidates for executive positions about their social network postings and other Internet activities.
     
What President Obama gets that few CEOs and CSOs understand today is that almost all U.S. office workers are “wired” – Internet, cell phone and digital gadget users. About 80 percent of Americans of all ages use computers, with higher percentages for the younger, more affluent and better-educated. The Pew Foundation’s Internet & American Life Project has fascinating statistics. Around 30 percent of us are what I call “power users,” i.e. people who spend a substantial part of their lives online. 
     
Four years of research have proven that almost everyone in the workplace has information about them on the Internet. About 3-6 percent of U.S. workers have derogatory references on the Internet, the kind of information that would indicate illegal, illicit or socially unacceptable behavior. Put another way, they would be ineligible for a clearance, for hiring into most corporations or for collaboration with fellow workers. Examples include people who lied on their application for employment, omitting arrests, government sanctions and serious misbehavior, child molesters, those prone to violence in the workplace, men who have stalked and harassed women online, neo-Nazi thugs, movie and software pirates, embezzlers and a host of others. Some people (both government and privately employed) have been found boldly using their employers’ email addresses for objectionable personal activities on the public Internet.
     
The Internet is a venue for wonderful diversions, communications, e-commerce, hobbies, games, social activities and many others. It is also a host for child porn, spam, phishing, malicious codes, piracy, counterfeiting, sale of stolen property, frauds and more. Today’s Internet criminal is unlikely to have a police record, because chances are, no arrest has occurred. Their history can be found online, with a thorough, competent Internet vetting.
     
Surveys have shown that many businesses and government agencies rely on self-taught courses for their personnel in computer topics, including security. Today’s worker understands that digital assets are accessible – to read, copy, print, burn to disk/thumb drive and to take, without ever disturbing the original. Keeping people honest with enterprise data is very difficult when the average worker is not held to strong standards of online behavior, nor taught to consider all company data proprietary.
     
Companies and agencies are beginning to address this issue. However, in the government, agencies continue to get abysmal marks in assessments of their IT security.  Businesses are mostly successful in keeping IT security breaches private, except where the law requires notification of people whose identities were stolen. Efforts are focused on stronger firewalls, better antivirus and digital rights management, as well as blocking some Internet sites. It seems that the solutions to IT security issues are considered largely technical.
     
The fundamental educational piece seems to be missing from information security: people’s misbehavior online is simply ignored until it boils over. Enterprises do not scan the Intranet for authorized users’ misdeeds, just as law enforcement is largely absent from the wild west of the Internet unless a major complaint is made. Few employers use pop-ups to remind users of their limits and responsibilities, when they overstep their bounds.
     
In this context, social norms that changed with the growth of the Internet are often left unaddressed in the workplace. Among these are the ownership of digital property, Netiquette, discretion in social network postings available to the world, confidentiality of work information and Internet “privacy.” The most active Web users are apt to engage in fantasy, long, daily, personal sessions online, continuously updating instant messages to friends and mixing business with pleasure both on work and home computers. Virtually overlooked are the mores of New Millennium employees that are antithetical to their employers.
     
To improve education, training and awareness of information security norms, the front office must consider changing their personnel and IT security programs. To succeed, employers must teach users that Internet recreation is not allowed on enterprise systems. Prior misbehavior on both personal and work computers is a matter of grave concern, because of the value of IT systems and data. Future misbehavior will be sought out, found, and punished. Those with a prior record of online misdeeds may not be eligible for employment, and the Internet will be searched to verify their backgrounds.
     
IT systems and networks grow more complex by the minute. Business and government have adopted full-scale automation as vital to productivity and efficiency. Yet, their IT systems remain insecure at best, and fatally flawed when personnel misbehavior online is considered. It only takes one malicious or misguided wired user to do grave damage. In building stronger critical infrastructures, enterprises must remember the most critical part of themselves: their people. Educating the user, to ensure that each one understands the importance of information systems in today’s workplace, is fundamental to security.  

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Edward (Ed) J. Appel is CEO of iNameCheck LLC, providing Intelligence, Consulting and Internet research services to business and government. More information at http://inamecheck.com/

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Security’s 2025 Women in Security

Security’s 2025 Women in Security

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • employees-enews

    How to Tailor Security Awareness Training to Employees’ Needs

    See More
  • security awareness training for logistics and transportation companies

    Security awareness training: A business-critical function for the logistics and transportation industries

    See More
  • Cyber Incident Recovery

    Security Awareness Training – Keys to Delivering a Successful Program

    See More

Related Products

See More Products
  • Security of Information and Communication Networks

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

See More Products

Events

View AllSubmit An Event
  • July 18, 2024

    Awareness to Action: Implementing Effective Emergency Preparedness on K-12 Education

    ON DEMAND: In times of crisis, preparedness can be the difference between safety and chaos.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing