Employee training may be the best defence against corporate IT hackers
Mon, 16 May 2016 13:09
Recent research commissioned by Citrix and carried out by Censuswide returned some concerning results regarding employees' attitudes towards data security in the workplace. The research found that only 35% of employees regularly use passwords to protect files at work, and just two in five are vigilant about shredding sensitive documents. It's no wonder then that IT insights and trends website Tripwire reports that 59% of data breaches occur not because of malicious hackers, but simple employee carelessness.
While customer data breaches most often hit the headlines, attacks on data pertaining to product information, design, marketing and financial plans could all have significant consequences to a business.
The good news is that Censuswide also found that 90% of the employees surveyed were aware of the importance of data security. Clearly, employee training is essential to bridge the gap between recognising the value of vigilance, and knowing how to protect data
Employee knowledge is your hidden weapon
While up to date security software is vital, it will be of little use if your employees aren't properly trained to use it. Further training to establish policies and procedures concerning security are also vital. All too often staff simply aren't aware of their central role in maintaining security. Michael Cobb, founder and managing director of Cobweb Applications, says an effective training programme "has to make it clear that information security is an integral part of everyone's job with ownership, responsibility and accountability for risk made obvious in policies and job descriptions."
Furthermore, it's important that such training is periodic: as technology advances faster and faster, so too must staff be kept informed of the very latest procedures and techniques. "Due to continually evolving technologies and threats, you will need to update and repeat your awareness programmes as you update your security policies," continues Cobb.
In between formal training sessions, information on how to stay vigilant against data breaches must continue to flow. Chris Mayers, Chief Security Architect at Citrix advises providing "an internal web page with a one-page list of enterprise services – e.g. 'to do that, use this' – and a cheat sheet for each service." He cautions that being rigorous about updating this page is imperative.
"Simply purchasing the new technology won't increase your level of security," concludes Dejan Kosutic of 27001Academy.com. "You also have to teach your people how to use that technology properly, and explain to them why this is needed in the first place. Otherwise, this technology will only become what business owners fear the most—a wasted investment."
DeltaNet offers a complete suite of compliance eLearning, including modules on data protection, making it easier than ever to ensure your employees understand their role in protecting valuable information. As well as engaging training modules, DeltaNet's Astute eLearning Platform has recently received a Risk Manager extension, enabling you to identify - and bridge - IT security gaps easily. Browse our Compliance eLearning courses.