Company executives would like to think they have done a good job making clear that information security is important. And by some measures, they have. In a recent survey of 2,000, security firms, Clearswift found that 74 percent of employees felt "confident"  that they understood their employer's security policies designed to protect data and the IT infrastructure.

But Clearswift thinks this number may be misleading. The firm argues this "because a third of those surveyed have not received any training on IT security since joining their firm. And more than two thirds of those who have not had recent training joined their organization more than five years ago--a 'technological lifetime,' " according to CSOonline.

Indeed, while it's easy to pay lip service to information security, it's a lot harder to follow up with the kind of training that security best practices would require. At smaller companies especially, training is easy to overlook. It is an added cost after all. But in a fast-moving technological environment, regular training is perhaps a necessary step toward protecting the organization.

Consider the rise of mobile communications--what are the rules? Are people allowed to forward email documents via their smartphones? What about social media--are employees allowed to post from work? There's a lot of grey areas, to be sure. A regular training program at least forces people to think about these tricky areas and formulate some policies.

For more:
- here's the article

Related Articles:
Data theft overtakes physical theft
The future of IT security professionals
Security holes in mobile bank apps
iPad enterprise security issues can be overcome