IT
There was a time when IT security was thought to be the responsibility of the CIO or IT department, now it is the responsibility of everyone.
New regulations in the financial services sector makes it even more important. With more recent dramatic increases in targeted security threats, it’s an imperative today that organisations are developing a security culture to ensure that the business and its assets are fully protected.
Nowadays we must consider the human factor in IT security as no matter how tight your policies and technical controls, you cannot be 100% safe without getting the buy-in from your people.
So how DO you go about promoting a security culture?
Provide data security training
Your employees are your biggest asset but they are also the weakest link in your security chain. To get your employees on board you need to educate them on how their everyday tasks and ways of working can put the company at risk. Although your employees might have seen your data security policy, have they actually read it and furthermore do they understand it?
The most effective way to train your staff is to educate them face to face or via online programmes.
Make it real
When teaching employees it’s good to use real examples that employees can relate to. Why not create examples for them which relate directly to their own role.
For example, your executive team will be interested in hearing how spoof emails to senior executives purporting to be from the CEO caused significant losses to companies who were lured into initiating wire transfers. Using real examples helps people relate to scenarios and understand how to be more security aware.
The Banking & Payments Federation Ireland (BPFI) has issues alerts on the subject.
What to include
There are a number of important subjects that you should cover within your data security training plan:
-
How to create and keep passwords safe
-
Importance of using passcodes on portable devices
-
Basic overview of what data security means and how it affects employees
-
What to do if you think you have a virus or malware on your device
-
What to do if you receive a suspicious email
-
What is a secure Wi-Fi spot?
-
What do if they notice something strange happening on their computer
Reminders
There is no shortage of reminders in the media today about security breaches and there is a danger that people will switch off after a while. You should consider how to keep the conversation going at every level in the business and think up new ways to keep security consciousness top of mind!
Short podcasts or videos are a great way to keep people informed and engaged. I find some really useful material from Sophos which I regularly share with my colleagues. Why not check out Chet Chat podcasts or watch the movies.
By Trilogy Technologies.