The ability for companies and organizations to effectively train their employees on the importance of security was recently brought to light after Security Innovation announced the acquisition of Safelight, a firm that specializes in information security and developer training.

Security Innovation has been trying to develop a strategy to educate software teams and staff on critical security topics and allow them to succeed in their security goals. In the statement Charles Kolodgy, research VP at IDC, said that “low security awareness among employees is an inhibitor to security. This has been represented in IDC surveys that point out concerns about employees not following security policy is the top security challenge facing organizations.”

Research from The Ponemon Institute shows that despite the billions of dollars spent on security products, a lack of security education continues to put organizations at risk. In order to create real change and turn a liability into an asset, the following steps must be taken:

• Proper software training;
• Continuous and compelling reinforcement;
• Maximize knowledge retention; and
• Drive behavior change.

Using these tips, the emphasis can be put on employee training as opposed to the software. This focus will allow organizations to retain employees who value security and help to actively maintain a high level of consistency.