Just read “Why you shouldn’t train employees for security awareness” @Computerworld and found the perspective interesting, though clearly biased. Obviously, the author is the CEO of a company that sells security solutions, so that explains the bias… But the article actually brings into focus, for me, anyway, the need for organizations to BOTH take technological measures to protect against cybercrimes and train employees. Fact is, training employees to understand how to protect themselves and the company from cybercrime can be done either awfully or in a way that creates a culture of vigilance. You want to be in the latter camp, for sure.
My grandfather, a NY City detective, used to say “There is no lock that will stop a determined thief.” While that may have been true when he was on the beat in the 1930s, it is even more true today. You cannot rely solely on technology to protect your company — your people need to be trained to enforce security policy, recognize threats and embrace a culture of healthy vigilance.
So sure, take active measures to segregate and secure data, actively monitor for threats, classify users and access to systems, etc. But also prepare your people for the digital, social-media-connected world too.