Information, both confidential and public, is very important to any organization, because organizations rely heavily on it to conduct their business. In today’s interconnected business environment especially, information is considered an important asset that plays a vital role in the survival of the business. So any information leak is painful.
Due to advances in technology, companies are using the internet to access and store data, adopting remotely hosted services (cloud computing), allowing access to social networks and using smartphones and tablets for business activities, all of which exposes information to a growing number and a wider variety of threats and vulnerabilities.
According to a survey (of 1,402 respondents) conducted by the Department for Business, Innovation & Skills (BIS) and PricewaterhouseCoopers (PwC) on Information Security Breaches (2013), the number of security breaches affecting UK business continues to increase.
The total cost of security breaches to the UK is in the billions of pounds per annum and has roughly tripled over the last year.
Given the way that businesses are using technology, it has become very important that they have a standard security policy and processes to protect their information against threats.
On the positive side, almost every organization today has a written security policy to prevent breaches. Having a strategy or policy and technology in place, however, is just a starting point; integral to its success is knowledge and awareness of the policy and the threats.
Organizations spend millions of pounds on technology to manage their information security problems but fail to address the human element, their employees, ignoring the fact that employees and their access behavior are the biggest threats to their information security.
The same survey report shows that
The best way to achieve perfect security is not just to bring in complex technology solutions; it is to raise awareness and train the staff who actually work with systems, computer networks and confidential information.
The report also gives clear evidence of a return on investment in staff training: the rate of breaches was halved compared with organizations where the policy was poorly understood by the staff.
Educate your staff; let them know that they represent the most important part of your security program. Formal training can help them understand the risks and be prepared to defend against them.
Don’t wait for a serious breach to take place before thinking of training your staff. Investing in training can be one of your preventive measures to avoid information security breaches.
Awareness, capacity and willingness to act are the key to effective security! What do you say? Do share your thoughts with us.