Security awareness training may seem like a good place to start a security program, and it can be. But to get the full benefit you should make sure it can be tailored to your needs.

No training program in any discipline is likely to provide much more than a break for employees and exposure to terminology if it isn’t put in the context of an individual’s roles and responsibilities.

The advantages of security awareness training can be:

1) Staff understanding of the importance of protecting information they may feel is not necessary to worry about, reducing likelihood of breaches and incidents

2) Learning a common language for communicating about security issues which keeps everyone on the same page, and helps keep things from falling through the cracks that result in losses

3) Generating ideas for new ways to efficiently protect company assets (of course the ideas must be acted on to be able to realize savings)

4) Establishing a set of cultural norms that everyone can live with and use to sustain good security habits, again, reducing likelihood of losses

5) Ensuring not only that industry compliance requirements for training are met, but that the effects can actually help maintain compliance in other areas

So, training can be a great kick-start for security.  However, the key is to do an early assessment of where the deficiencies in the organization are.  This will allow for a more targeted and tailored program, so you aren’t spending money where it’s not needed; savings can be used in other areas of security to bring additional savings to the bottom line.