Verizon’s 2016 Data Breach Investigations Report (DBIR) shows that 73% of all healthcare security incidents recorded in 2015 fall into three categories:
- 32% theft and loss
- 23% privilege misuse
- 18% miscellaneous errors
The above categories have one thing in common: the human factor. It’s therefore reasonable to say that almost three quarters of healthcare security incidents were caused by human mistakes, either malicious or inadvertent.
Employees losing assets is 100 times more likely than theft
Common strategies for dealing with information security incidents are inadequate. Data encryption just mitigates the impact of theft and loss. Equally, restricting user access to the most valuable data does not prevent 100% of incidents, including inadvertent public disclosure. What companies should do is eliminate the problem at its root.
The problem lies in the lack of communication about information security procedures and processes. If employees were aware of such procedures and the consequences the company faces for losing sensitive information, they wouldn’t be that careless.
Reduce the communication gap with staff training
Through staff education, companies can make sure that:
- Information security policies and procedures are shared throughout the whole organisation, home-based staff included;
- Compliance requirements are understood and respected;
- Security incidents are more likely to be prevented.
The Information Security and ISO27001 Staff Awareness E-learning course is the most cost-effective way to train your whole staff at once. It has been specifically developed for all employees who need fundamental knowledge of information security – the ISO 27001:2013 standard in particular – and use information technology in their daily job.
Furthermore, it can be customised to match your corporate identity, and to incorporate company policies and procedures.