Beefing Up Cybersecurity Training

A new <a href="http://webobjects.cdw.com/webobjects/media/pdf/Newsroom/2009-CDWG-Federal-Cybersecurity-Report-1109.pdf">report</a> by CDW-G calls for more training of federal employees as a means to confront and combat cybersecurity threats. The report, which is based on a survey of 150 federal civilian and 150 Defense Department information technology professionals, found that more than half of all federal agencies experience a cybersecurity incident at least weekly, with the number and severity of these incidents staying the same or increasing over the past year.

A new report by CDW-G calls for more training of federal employees as a means to confront and combat cybersecurity threats. The report, which is based on a survey of 150 federal civilian and 150 Defense Department information technology professionals, found that more than half of all federal agencies experience a cybersecurity incident at least weekly, with the number and severity of these incidents staying the same or increasing over the past year.

IT professionals surveyed touted the use of cybersecurity training as a means to combat these threats. For example, 82 percent said their agencies provide ongoing training classes on security policies and procedures, while 79 percent said they train new employees on computer security policies and procedures. Despite this training commitment, however, agencies are still experiencing unacceptable and avoidable internal risks. More than 70 percent of IT professionals, for example, said they still have seen inappropriate Web surfing or downloads within the past 12 months, while 40 percent say they have seen unauthorized transfer of sensitive information. Nearly half of IT professionals said they have seen employees post passwords in public places.

The report recommended reassessing end-user training by establishing a program and metrics to measure training success and communicating security policies that include guidelines for acceptable use. The report also recommended establishing consequences for employees who do not comply with agency cybersecurity policies.