Q: Your CEO phones for help in dealing with a major malware intrusion and asks for your password. Should you disclose it?
If you or your employees can’t answer this question, your organisation may be in trouble.
This is just one of hundreds of situations and scenarios employees can be confronted with at or outside work. The ability of staff (or the lack of it) to respond appropriately in situations like the one above can have a serious impact on your business.
Raising information security awareness is not an easy task. It has to be supported by visible leadership and clear organisational values. People will always make mistakes and create security incidents. Some may be tricked and manipulated by external influences, and a few disgruntled, and possibly dishonest, employees may cause considerable loss and damage to your company. Raising awareness will make your employees more alert to threats. Aligning your requirements with the values and culture of your organisation may turn even those disgruntled employees into followers.
Why should you bother raising information security awareness amongst staff?
- Members of staff are a key part of ensuring that you protect the crucial intellectual assets of your organisation, namely your confidential information, relationships and reputation.
- Staff who don’t understand what behaviour is expected of them may be putting your information and business at risk.
- Poorly trained front-line staff may mean the organisation is vulnerable to phishing, pharming and social engineering attacks.
- Poorly trained data handling staff may cause breaches of the Data Protection Act (DPA) – potentially leading to £500k fines.
- Poorly trained HR, supervisory and other management staff may mean significant levels of insider attack. (Did you know… insider attacks are responsible for perhaps half of all breaches.)
What can you do?
- Implement an integrated training policy relevant to your organisation to support the desired culture
- Constantly update and remind your staff of the importance of information security
- Train staff without them realising they are being trained – create fun and interactive ways of bringing your messages across
- Engagement is key – getting employees engaged can achieve more than just enforcing a policy
Why should you use e-learning to raise information security awareness?
- In a very short time employees will be able to get an overview of the relevant topic (e.g. information security, data protection, compliance etc.), and why it is important.
- They will be able to apply this knowledge to protect their own personal information as well as the organisation’s information assets.
- There are no travel or other course attendance costs.
- It is flexible and convenient – employees can study from their desktop and in their spare time.
- It is fun – e-learning uses interactive techniques and it doesn’t feel like work; at the same time it is effective, enabling employees to understand and remember things easily.
IT Governance has a range of e-learning courses available to help you raise awareness amongst your staff on the subject of information security.
A customisable courseware option is available for bigger organisations that are buying a multi-user licence. Call 0845 070 1750 to discuss your options now!
The IT Governance e-learning courses have already been embraced by clients as an effective tool for educating users and for meeting compliance requirements. They are designed to increase employees’ awareness of the relevant Standards requirements and thereby reduce the organisation’s liability due to security failures.
The available e-learning courses are: