To err is human…

As more and more information is held in digital databases by more and more organisations, the risks involved for all of us necessarily increase. Digital assets targeted by criminals include commercial information, business strategy, and customer payment card and contact details. If your organisation holds any sensitive digital information at all then this is your concern. The question is: is your information security as good as you think it is?

Some thought-provoking numbers

According to the National Audit Office, the estimated annual cost of cyber crime to the UK is somewhere between £18 billion and £27 billion, and yet 80% of the 44 million cyber attacks in the UK in 2011 could have been prevented by simple computer and network “hygiene”. More worrying still, Verizon’s recent Data Breach Investigations Report found that 85% of data breaches took weeks or more to discover, and 92% of incidents were discovered by a third party.

In other words, there were an estimated 35.2 million easily avoidable cyber attacks in this country which unnecessarily wasted millions of pounds, all because of poor security. Not only could you be leaking sensitive data right now, you probably won’t even know you are till someone else tells you about it in a few weeks’ time. And by then it could be too late.

So I’ll ask that question again: are you absolutely sure your information security is as good as you think it is? Or do you think you could do more?

Major causes

The Symantec Corporation and Ponemon Institute’s 2013 Cost of Data Breach report details the three main causes of data breach in the UK last year: 29% of security incidents were caused by a system glitch, 34% were caused by malicious attack, and 37% by human error. And despite the fact that the human element accounts for the majority of data leaks and security breaches, it is often neglected by inadequate security systems whose remits do not allow for the fact that good cyber security covers computers’ operators as much as computers themselves.

Indeed, the 2013 Information Security Breaches Survey from the Department for Business, Innovation and Skills found that 93% of companies where the security policy was poorly understood had staff-related breaches. That couldn’t really be any clearer an indication of the importance of proper staff training. If you don’t train your staff properly then all your expensive security systems are essentially worthless and you may as well invite the criminals in for tea and cake and hand them all your information personally.

IT Governance provides a wide range of training and staff awareness courses to help secure your valuable information against human error. Whether you want an e-learning course for your entire workforce to achieve PCI DSS compliance, need a foundation course in the Data Protection Act, are implementing ISO27001 or ISO22301 and need formal training, or you want a professional qualification (including, amongst many others, CISA, CISM, CGEIT, CISSP) to enhance your career, we can help you. Visit our website to see what we can offer you.