Quite a few security issues have impacted the business world over the past few months. The Conficker worm was considered a possibly damaging issue. The Nine Ball outbreak looked like it had the potential of unleashing some serious damage on the enterprise after it compromised 40,000 legitimate Websites. In the meantime, malware has ravaged the Web, causing security firms to find new ways to confront issues. It's a real problem.
The business world knows that. Instead of turning a blind eye to malware, more firms are doing things that, they hope, will limit the amount of malware making its way into the network to threaten mission-critical data. More companies than ever are deploying multiple layers of security, including software solutions, hardware stopgaps, and limits on employee Web traffic. They reason that by stopping the user from accessing malicious sites, blocking that malware before it even gets into the network, and stopping the rest that might squeak their way in by circumventing the other protections through software, it will ensure that security issues might be stopped before they become harmful. Admins are also forcing employees to run with limited rights, so they don't have too much liberty to download (knowingly or not) software that could wreak havoc on the network.
But lost amid all those security initiatives is education. It's not coveted in the enterprise. For the most part, companies are realizing that deploying a solution such as Microsoft Security Essentials, a free software package from Microsoft to protect Windows users, is far more reliable than spending valuable company time trying to educate employees about the dangers of the Web.
On one hand, it makes sense. Companies are trying desperately to grow or maintain their business as the economic downturn continues to impact the world. Spending time educating employees on the dangers of the Internet might not make too much sense, since that time could be better spent getting employees to work. Plus, with all the aforementioned security features in place, companies believe that the number of instances impacting the enterprise aren't so high that educating employees would be all that necessary. Simply put, it's cheaper to not worry about the employees' understanding of Web dangers and deal with issues as they break out, rather than spend time educating employees on items that could be a problem.