Nearly every organization that has reported having an information loss or breach since 2005 had some form of compliance and training measures in place. Taking a policy template, answering general questions, putting your name on it, then asking employees to sign it does not pass as employee training. Half-heartedly giving employees a couple of scenarios and asking them to agree to log off the computer, change their passwords, lock up, and shred will not ensure defendable behavior.

Training is needed on several levels to build a defensible position for any size organization. Initially, the individual or team in charge of assessing risk, facilitating design, implementing and maintaining the Identity Theft Prevention Program must be able to demonstrate a degree of expertise for managing information exposure. This includes a broad understanding of information law, prudent practice standards (of which technology is only a portion), program infrastructure, and methodology.
Once the Identity Theft Prevention Program is established, training for managers, employees, and sub-contractors must be relevant to their workspace and allow them to continue to perform their tasks efficiently. For instance, let’s say that all employees are asked to adopt a sixteen-digit password: it must include letters, numbers, and symbols, it must be changed every thirty days, and the same password cannot be used twice in the same year. Sounds good, right?
While that may sound secure to some well-intentioned, security-minded individuals, not all employees may be able to work efficiently under those parameters. They may write the password down on Post-it notes stuck on their monitors or under their keyboards. They may stop logging off of their computers when they leave their workspace. The point is that unless training is relevant to an employee’s work situation, they will circumvent security measures for the path of least resistance to productivity.
“A defensible position for training must be derived through a collaborative assessment of privacy, security, usage, and response practices, and must be relevant to each individual’s work habits to change culture.”



