Online all the time, anywhere with anything
Call Us: +46 8 50003170

Training of end users is the most important security investments

Ove is passionate about training

With the upcoming GDPR for personal identifiable information (PII) many consultants, lawyers, security professionals and vendors are selling services and products for compliance.

The most important investment all organizations can do is to raise the awareness and competence by training their end users in being aware of GDPR and security. Unfortunately are too many managers considering training as an unnecessary cost. Even though many of them claim that the staff is the most important asset, I have written earlier how company can gain one week/employee and year in an earlier post.

Many surveys and reports show that the human factor is one of the reasons why many security breaches happen. With GDPR I predict this will be even worse due to these facts.

  • Awareness of what PII is and of the GDPR is very low.
  • Security professionals and vendors are marketing their products and solutions as being the best thing since sliced bread.
  • You can´t control the human behavior. (I hope this is true, I know some claim they can).
  • The time it takes to learn that a breach of PII due to human error is very high.

I am afraid that many companies will be setting up short introduction and produce documents to inform their employees and see that as the training. This is an illusion to think this is enough.
To be sure that the employees, contractors and partners are being aware enough you need constantly invest in the competence of your end users. The traditional forms of trainings, information meetings is not enough and will be just a waste of time and money.

To be successful organizations need to invest in a wide range of delivery platforms for raising the awareness and competence, these platforms can be

  • Quarterly training sessions combined with analyzing incidents that the group has seen.
  • Digital classrooms for larger audience spread over many countries and regions.
  • Use of MOOCs(Massive Open Online Courses) on platforms such as EdX and coursera.
  • Give more staff responsibility for cyber security and handling of PII in their part of the organization.
  • Promote users to report incidents concerning security and PII breaches. This is very important, do NOT punish users who report that they have made a mistake.

We at NetIntegrate are passionate about sharing our experiences and competence, even our business colleages(some say competitors) ask us about PII and GDPR.

Do you need a GDPR coach, do book our resources today.


GDPR coachn