Do you know that 39% of data breach was as a result of carelessness by employees?
Your employees could be inadvertently compromising your company’s intellectual property. According to a report published by ‘National Security Institute’ USA, “Innocent but careless employee actions often set the table for attacks by more malicious parties“. These security breaches could be in various forms.
- Passwords used carelessly
- Lost laptops or other mobile devices
- Unsecured access to workspace
- Online data not secured & sharing sensitive information online
- Opening of email attachments from unknown sources
(Source: Ponemon Institute Research Report)
So, what are these threats that organizations are exposed to in this current age of information technology?
In a report titled, “Cyber Security: Keeping up with the threat“, National Security Institute of USA states the following as key threats dogging the government as well as corporate agencies.
1. Cyber Espionage: Data about your organization available online can be accessed by corporate spied or hackers to get sensitive data and information about the organization.
2. Cyber Terrorism: Vested interests taking control of your networked computer system with an intention of inflicting damage.
3. Mobile Computing: While smartphones and mobile devices help employees stay connected with business they also become vulnerable as they carry huge amounts of sensitive data that can be damaging to the organization when it is lost or accessed by unauthorized personnel.
4. USB Drives: Though very convenient in terms of sharing data they can also be used to transmit malicious viruses that can corrupt corporate networks.
5. Social Engineering: Hackers or spies can coax or trick employees to part with sensitive data which employees may share quite unknowingly.
How can you ensure that your organization does not fall a victim of these threats? One sure way is by educating and sensitizing your employees about the risks involved and the importance of the precautionary measures laid out by the IT department. These cannot be a one off effort and has to be an ongoing activity in an organization. Reinforcement of the employee responsibility with respect to IT and data security is extremely crucial in this regard.
It is not always possible to provide face to face classroom training or face to face workshops for the purpose. Having hard Copies of Do’s and Don’ts circulated are not effective either as they are bound to be filed away never to be visited.
Using online methods are extremely effective as information can be shared in multiple formats in an engaging and interactive manner. It could be in the form of short eLearning modules, videos or interactive games and exercises.
What are the ways in which you train your employees about IT security and responsibility of data security? What is the method that best works for your organization? Do share your ideas.