Cultural Strategies For Data Security (£)

Uploaded on 2016-11-21 in Directors Reports

Information security is a complicated and often difficult subject to completely understand and it can easily engulf your thoughts as the range of the security issues seems to expand with the IT conversations.

The traditional manner wherein such things as security operate is often that particular departments oversee their areas of security, they then control and report back their issues and successes to the senior management and to the Board when necessary.

However, times have completely changed, and the idea that we are still able to operate data within particular areas and departments, that only oversee their own requirements has now transformed with the introduction of the digital global-space. 

Traditionally, info/data security inside an organisation has been seen as a function looked after by a few individuals or one department. But, as the sheer amount of electronic and paper information collected throughout organisation increases, the understanding and management of data has to change.

Certainly one of the best ways to protect company information is to create an engaging corporate culture that understands information security as a shared responsibility among all employees and adds bonuses for accomplishment and success. 

This should be done by applying regular and comprehensive training programs for all employees. The employees and the trainers should discuss everything from secure ways to use, manage, store and abolish physical and digital data. They should discuss everything from the current hacking techniques and such things as phishing and fake emails.

According to our research and other research we have reviewed, most businesses are not focusing on and employing the required programs for staff, management and Board level training in IT and cyber security.

Recent Research

Our recent research, suggests that over 80% of small and medium sized businesses are not employing on-going information security to stop and reduce crimes, fraud and data breaches. Most companies that have security briefs do them only once or twice a year. 

Nearly 30 percent told us that they have never trained their employees on legal compliance requirements or their own company information security procedures and that these requirements were not up-date in a secure and timely manner.

Most of our research suggests that staff often forget and or do not employ the security they are required to as the average work day takes over from training requirements. Most people forget this kind of training within hours or days of the infrequent and ‘boring’ training requirements as there is not incentive to apply the outcomes. 

Training and education must be reasonably frequent through-out the year so that the employees gain a real understanding and engagement with the risks and issues and to do this there should be training bonuses. 

Organisations that do not provide on-going education and training give employees the belief that the business and management has security being undertaken by others and the culture suggest that they need not concern themselves with the issues.

Culture of Information Security

The Board and Management must demonstrate engagement with information security and it must promote employee bonus to those that follow suit. It is very important to encourage participation from all areas of the organisation and you should mix departmental engagement appointing staff from a range of different departments to participate on improving information security practices.

Promotion and Thought Leadership 

Use propaganda and carefully constructed posters and news thoughts about the ways to improve security within your organisation. Explain new news items that potentially could have a negative effect if the news outcomes where applied to your business. 

Frequent Training Programs

Successful training programs, similar to school and university lessons and lectures require a continual method that comes at the issues and problems from different directions with engaging out-comes. Training should occur throughout the year and include various modules that focus on organisational information security policies. This must be a "multichannel" approach utilising a mix of personal and digitally-delivered video training engage employees on how to enact security and to discuss this with other employees.

Working from Home and BYOD

A growing number of staff are now working from home on different days and are frequently outside the traditional business office environment. Ensure training addresses the safety of confidential information for both office and remote working and the issues that effects these different types of environment. 

 

« Information Analysis Is The New Revolution (£)
Social Media & The New Advertising Model (£) »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Social-Engineer Inc

Social-Engineer Inc

Social-Engineer is a consulting and training company specializing in the science of social engineering in the context of digital security.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Qubitekk

Qubitekk

Qubitekk has developed quantum cryptography solutions for the machine-to-machine (M2M) communications market.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

Swimlane

Swimlane

Swimlane is a leader in security automation and orchestration (SAO). Our platform empowers organizations to manage, respond and neutralize cyber threats with adaptability, efficiency and speed.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

Blancco Technology Group

Blancco Technology Group

Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Octane OC

Octane OC

OCTANe is building the SoCal of tomorrow. We drive innovation and growth by connecting people, resources and capital. Our Incubator focus is FinTech, Data Analytics and Cybersecurity.

CoverWallet

CoverWallet

CoverWallet combines deep analytics, thoughtful design and state of the art technology to help small businesses with all their insurance needs including Cyber Liability.

Space ISAC

Space ISAC

Space ISAC is the only all-threats security information source for the public and private space sector.

Techfusion

Techfusion

Techfusion is a cyber security research and consulting firm focusing on digital forensics and data recovery.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Earlybird Venture Capital

Earlybird Venture Capital

Earlybird is a venture capital investor focused on European technology innovators.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.