Implementing a culture of data security awareness requires persistence and the right tools

19/03/2012

Ely, England, 19 March 2012 – Statistics show that a large percentage of data breaches are the result of internal failures and lack of awareness, rather than the result of external theft. For many organisations, staff are the weakest security link, and only systematic, ongoing training will overcome this weakness.

The most recent 2012 data protection survey, undertaken by the Irish Computer Society (ICS), confirms these statistics for Irish companies. It is likely that a similar picture can be painted for the rest of Europe. According to the survey, 58% of the breaches suffered by the Irish companies interviewed were caused by a staff member, making them proportionally more a result of internal failure and lack of awareness than of external data theft. 34% rated their companies as placing too low a priority on Data Protection, while 28% believed that the greatest threat to an organisation’s assets comes from negligent employees.

The new data protection (DP) regulations, announced earlier in January 2012, are due to take effect across Europe in early 2014. This means that European organisations have less than two years to prepare for meeting the requirements. Staff training will be a major issue and, given the time it takes to educate people, organisations should start the process early on. E-learning is one of the favourite approaches to training non-technical staff, because it is convenient and cost-effective.

Alan Calder, CEO of IT Governance, says, “While organisations have recognised that using appropriate technology to protect data is important, they still need to get to grips with understanding and adopting an integrated approach to data protection and information security. Such an approach involves both technology and people. It doesn’t matter how much money you spend on software applications if your employees undermine your efforts, consciously or unconsciously.”

“Data protection and cyber security issues need to be addressed at the employee entrance level. A firm’s foundation is built on the employee’s ability to understand the implications of his or her actions and be mindful of these in their daily activities. The education of staff must be continuous, measured and improved upon,” adds Calder.

The IT Governance e-learning courses have already been embraced by clients as an effective tool for educating users and for meeting compliance requirements. They are designed to increase employees’ awareness of the relevant Standards requirements and thereby reduce the organisation’s liability due to security failures.

The available e-learning courses are:

One-year user licences can be purchased one at a time for just £45 each or in bulk at discounted prices: www.itgovernance.co.uk/itg-elearning.aspx.

For larger numbers of users, a customisable version of the course is available which enables clients to closely tie the e-learning content to their own procedures and culture. You can e-mail IT Governance at servicecentre@itgovernance.co.uk or telephone +44 845 070 1750 to find out more.
