Technical solutions to IT systems security are an important part of an overall security strategy but, no matter how well they operate, will be ineffective to combat security breaches caused by human error. This is why user awareness training must be a fundamental part of an effective security strategy.
Part of any effective mitigation strategy in IT security must reduce the possibility of user error and educate users about how their actions and decisions can impact system security. Awareness training must be structured and presented in a way that is easily understood and gives clear direction about how users need to make decisions when taking actions that have the potential to breach security. Training needs to be continuous, relevant to the user’s role and practical to be effective and should include interactive content that helps users apply what they have learned and be able to ask questions.