Employee training may be the best defence against corporate IT hackers

Recent research commissioned by Citrix and carried out by Censuswide returned some concerning results regarding employees’ attitudes towards data security in the workplace. The research found that only 35% of employees regularly use passwords to protect files at work, and just two in five are vigilant about shredding sensitive documents. It’s no wonder then that IT insights and trends website Tripwire reports that 59% of data breaches occur not because of malicious hackers, but simple employee carelessness.

While customer data breaches most often hit the headlines, attacks on data pertaining to product information, design, marketing and financial plans could all have significant consequences for a business.

The good news is that Censuswide also found that 90% of the employees surveyed were aware of the importance of data security. Clearly, employee training is essential to bridge the gap between recognising the value of vigilance and knowing how to protect data.

Employee knowledge is your hidden weapon

While up-to-date security software is vital, it will be of little use if your employees aren’t properly trained to use it. Further training to establish policies and procedures concerning security is also vital. All too often staff simply aren’t aware of their central role in maintaining security. Michael Cobb, founder and managing director of Cobweb Applications, says an effective training programme “has to make it clear that information security is an integral part of everyone’s job with ownership, responsibility and accountability for risk made obvious in policies and job descriptions.”

Furthermore, it’s important that such training is periodic: as technology advances faster and faster, so too must staff be kept informed of the very latest procedures and techniques. “Due to continually evolving technologies and threats, you will need to update and repeat your awareness programmes as you update your security policies,” continues Cobb.

In between formal training sessions, information on how to stay vigilant against data breaches must continue to flow. Chris Mayers, Chief Security Architect at Citrix, advises providing “an internal web page with a one-page list of enterprise services – e.g. ‘to do that, use this’ – and a cheat sheet for each service.” He cautions that being rigorous about updating this page is imperative.

“Simply purchasing the new technology won’t increase your level of security,” concludes Dejan Kosutic of 27001Academy.com. “You also have to teach your people how to use that technology properly, and explain to them why this is needed in the first place. Otherwise, this technology will only become what business owners fear the most—a wasted investment.”

VinciWorks’ vast and expanding cyber security training suite prepares users for all cyber risks. It includes hours of training, hundreds of micro-learning modules and topics from social media to IT security. These courses and micro-learning units can easily be configured into a multi-year training plan.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

James

VinciWorks CEO, VinciWorks
