In the event of information security breach, organizations suffer from reputational damage, followed by huge financial consequences and followed by compliancy issues.
In addition to all other existing potential areas, where information security breach takes place, now- a-days social media has increased vulnerability for information security. The rapid growth of Social media has garnered attention in the commercial space, for those hoping to meet their customers evolving needs and expectations. It presents exciting opportunities to actively engage workforce, customers, suppliers and regulators to benefit from their collective ideas, knowledge and experiences.
A survey conducted by Ernst and Young in 2012, shows that only 19% of organizations, have a coordinated approach led by the information security department for use of social media, while the other 81% of the organizations where open to threats.
Source: Global Information Security Survey
As organizations and individuals continue to use social media in growing numbers, the risk of data loss increases and maintenance of the organization reputation decreases.
Significant areas of risk include:
- Impact to network resulting from increased use of bandwidth by workforce, who can access social media tools at workplace.
- Potential loss of data including intellectual property and personal identifiable information (PII), by those who are actively participating in the social media networks using companies account, or as individual users.
- Increased risk of legal liability, if an organization or employees use social media tools inappropriately.
Organizations get exposed to losing confidential information, due to possibility of data spills, caused by posting too much or unauthorized information for public viewing. Organizations can significantly reduce the risk by developing and communicating usage policies. The information security practitioners need to educate employees, on social media policies and supportive procedures, which clearly detail what is acceptable and what is not acceptable for employees to do. A significant intervention of training and awareness on information security helps in mitigating the risk of information security breach.
So training your employees on information security is very important. Such training:
Reduces organization’s risk profile: Good information security training gains confidence, trust and loyalty. It reduces the risk of devaluating the organization’s brand.
Reduces direct and indirect costs: Strict information security training, helps cut down the expenses associated with data loss, data recovery etc., thereby reduces direct and indirect costs.
Reduces technology leakage risks: There is always a possibility of making careless mistakes. Thus, in order to protect our technology from being hacked, training is necessary.
The organization should integrate a well-rounded information security awareness training program, as a key to business success. Enforcing sound security practices and implementing mandatory user education on the risks to the workforce, is the key to minimizing security risks to information.