The topic of end-user security training is always a fun one to bring up because of the wide array of opinions on its relative value. On one end you have the security admins who believe that not only does end-user training not help, it provides the end-users with knowledge and tools that can make the security situation worse on the network. On the end of the scale are those security admins who believe that the only way to really secure the network on the host level is to teach the users good security habits. Most of us lie between these two extremes.
While end user training will never be a panacea, a certain level of training and awareness of security issues on the end user's part can make a big difference in terms of managing the number of worms, Trojans and viruses on your network. Users can be trained to not click on email attachments from unknown senders, be trained in how to examine URLs in links so that they can determine if there might be something amiss with the link, and how to check email headers in suspicious messages. True, not every end user is going to be interested and not all will take your advice, but if there are enough end users who are interested in good computer security practices, there is the potential for them to create a critical mass and group dynamics will then come into play to bring the stragglers up to speed.
The problem is that IT admins are computer admins, not trainers or teachers. If they wanted to be trainers or teachers, they would have gone into the training or teaching industries. There is also the time involved, as you need to develop training materials and prepare presentations. The truth is that you really don't need to do all that much work. Just 15 minutes a week preparing an email or flyer or poster can go a long way at teaching your employees better network security practices.
If you're interested in employee training and wondering how to get started, check out this article http://www.microsoft.com/midsizebusiness/network-security-audit.mspx The author brings up a number of using ideas that you can put into practice immediately.
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP - Microsoft Firewalls (ISA)