Cultural Strategies For Data Security
Information security is a complicated subject that is often difficult to understand completely, and it can easily engulf your thoughts as the range of security issues seems to expand with each IT conversation.
Traditionally, security has often operated with particular departments overseeing their own areas of security, then controlling and reporting their issues and successes back to senior management and, when necessary, to the Board.
However, times have completely changed. The idea that we can still operate data within particular areas and departments that oversee only their own requirements has been transformed by the introduction of the digital global space.
Traditionally, information and data security inside an organisation has been seen as a function looked after by a few individuals or one department. But as the sheer amount of electronic and paper information collected throughout the organisation increases, the understanding and management of data has to change.
Certainly, one of the best ways to protect company information is to create an engaging corporate culture that understands information security as a responsibility shared among all employees and adds bonuses for accomplishment and success.
This should be done by applying regular and comprehensive training programs for all employees. Employees and trainers should discuss everything from secure ways to use, manage, store and destroy physical and digital data to current hacking techniques and such things as phishing and fake emails.
According to our research and other research we have reviewed, most businesses are not focusing on, or employing, the required programs for staff, management and Board-level training in IT and cyber security.
Recent Research
Our recent research suggests that over 80% of small and medium-sized businesses are not employing ongoing information security to stop and reduce crimes, fraud and data breaches. Most companies that have security briefs do them only once or twice a year.
Nearly 30 percent told us that they have never trained their employees on legal compliance requirements or their own company information security procedures, and that these requirements were not updated in a secure and timely manner.
Most of our research suggests that staff often forget, or do not employ, the security they are required to, as the average work day takes over from training requirements. Most people forget this kind of training within hours or days of the infrequent and ‘boring’ training requirements, as there is no incentive to apply the outcomes.
Training and education must be reasonably frequent throughout the year so that employees gain a real understanding of, and engagement with, the risks and issues. To do this, there should be training bonuses.
Organisations that do not provide ongoing education and training give employees the belief that the business and management have security being undertaken by others, and the culture suggests that they need not concern themselves with the issues.
Culture of Information Security
The Board and Management must demonstrate engagement with information security and must promote employee bonuses for those who follow suit. It is very important to encourage participation from all areas of the organisation, and you should mix departmental engagement by appointing staff from a range of different departments to participate in improving information security practices.
Promotion and Thought Leadership
Use propaganda, carefully constructed posters and thoughts on the news about ways to improve security within your organisation. Explain new news items that could potentially have a negative effect if their outcomes were applied to your business.
Frequent Training Programs
Successful training programs, like school and university lessons and lectures, require a continual method that comes at the issues and problems from different directions with engaging outcomes. Training should occur throughout the year and include various modules that focus on organisational information security policies. This must be a "multichannel" approach that uses a mix of personal and digitally delivered video training to engage employees on how to enact security and to discuss this with other employees.
Working from Home and BYOD
A growing number of staff are now working from home on different days and are frequently outside the traditional business office environment. Ensure training addresses the safety of confidential information for both office and remote working and the issues that affect these different types of environment.