New staff can mean more information security risks, warns expert


If you have just hired new staff, or have a high staff turnover, you are probably exposed to an increased risk of a security breach occurring. Growing cyberattacks, including an increasing number of phishing and pharming scams facilitated by the use of social media, are only some of the challenges modern companies have to face when dealing with staff issues.
Alan Calder, CEO of IT Governance, says, “Companies need to become more sophisticated in their methods to communicate security policies to staff and educate employees in key information security principles. Methods such as e-mail or print material are not effective enough; they can be easily ignored and the level of staff understanding cannot be monitored.”
In a blog post, RSA cybercrime specialist Limor Kessem stated that the total number of phishing attacks launched in 2012 was 59% higher than the total calculated for 2011 — up from 279,580 attacks to 445,004, costing the global economy over $1.5 billion in fraud damages.
So do you know how much ill-informed employees cost your company? Do they know the dos and don’ts of your corporate information security policy?
Calder explains, “Some data breaches can be avoided if companies take care to convey key information security principles to staff, and do so on a continuous basis. New, ill-informed employees are more likely to breach the company’s security policy, but existing staff must also be given regular refreshers and be made aware of scam threats.”
Conventional staff awareness training may not be the most effective way to familiarise staff with security policies, and classroom training can be too expensive or too time-consuming for employers. Information Security Staff Awareness e-learning, on the other hand, offers a pragmatic approach to staff training whilst being cost-effective and requiring minimal administration. Information Security Staff Awareness e-learning also provides employers with tools to monitor staff progress and hard evidence that training has actually taken place.
Companies that are implementing an information security management system to comply with the ISO27001 standard will benefit considerably from deploying the Information Security & ISO27001 Staff Awareness e-learning course.
IT Governance offers a number of information security e-learning courses designed to meet compliance requirements. They can be viewed online at