There was a time when IT security was thought to be the responsibility of the CIO or IT department, now it is the responsibility of everyone across the business. With more recent dramatic increases in targeted security threats, it’s an imperative today that organisations are developing a security culture to ensure that the business and its assets are fully protected.
Nowadays we must consider the human factor in IT security as no matter how tight your policies and technical controls, you cannot be 100% safe without getting the buy-in from your people.
So how DO you go about promoting a security culture?
Provide data security training to end users
Your employees are your biggest asset but they are also your weakest link in your security chain. To get your employees on board you need to educate them on how their everyday tasks and ways of working can put the company at risk. Although your employees might have seen your data security policy, have they actually read it and furthermore do they understand it?
The most effective way to train your staff is to educate them face to face or via online programmes.
Make it real
When teaching employees it’s good to use real examples that employees can relate to. Why not create examples for them which relate directly to their own role.
For example, your finance team will be more interested in hearing how spoof emails to a CFO from a CEO, caused significant losses to companies who were lured into initiating wire transfers. Using real examples helps people relate to scenarios and understand how to be more security aware.
What to cover
There are a number of important subjects that you should cover within your data security training plan:
- Basic overview of what data security means and how it affects employees
- How to create and keep passwords safe
- Importance of using passcodes on portable devices
- What to do if you receive a suspicious email
- What to do if you think you have a virus or malware on your device
- What do if they notice something strange happening on their computer
- What is a secure Wi-Fi spot?
There is no shortage of reminders in the media today about security breaches and there is a danger that people will switch off after a while. You should consider how to keep the conversation going at every level in the business and think up new ways to keep security consciousness top of mind!
Short podcasts or videos are a great way to keep people informed and engaged. I find some really useful material from Sophos which I regularly share with my colleagues. Why not check out Chet Chat podcasts or watch the movies.
People can be very interested to hear there’s more risk with Pokemon these days than just walking into a tree. Would you back yourself to spot the difference if you downloaded a dodgy version by mistake?