Devizes-based Cardwave give their advice for protecting your organisation and customers by building a security-minded staff culture.
Your company’s security is an ongoing battle, loaded with new challenges as technology changes. No company is immune to being breached, regardless of the superiority of their security architecture.
With the new EU GDPR (EU General Data Protection Regulation) coming into effect in less than 18 months, bringing with it fines of up to 4% of global turnover (or €20 million, whichever is greater), it’s vital that organisations take steps now if they want to avert a data security breach which could be costly to the organisation’s reputation, financial security and customer retention.
[Figure: The domino effect following a security breach. Source: Deloitte CIO cyber security handbook]
Statistics and surveys in 2015 and 2016 show that employee error is still one of the most common reasons for company data breaches. This means a breach occurred as a result of a mistake an employee made, e.g. losing a non-encrypted USB containing sensitive company data, opening up a phishing email, etc.
Companies must ensure security technologies and controls are in place to protect critical systems, customer information, and confidential data from being stolen on or offsite. Focussing on compliance alone is not enough; companies must also address their corporate culture, including employee attitudes about security, changing the way employees think about company information and their role in protecting it. This is a critical step in defending against security breaches.
In order for company culture to change, security must become rooted in the DNA of the organisation. Like innovation, security thrives in a company where the culture values it. Building a security-minded culture is not easy; however, taking the following steps will help:
Leadership: The CEO must establish the priority of data and system security within the organisation and communicate the importance regularly. Protecting information assets and intellectual capital should be incorporated into the business processes and be as top-of-mind as any other part of a company’s mission statement.
Change the mindset: For a healthy security culture to develop, mindsets must change. Integrate different teams to create a collaborative relationship, instead of an adversarial one. Empower teams to work together to find solutions and manage risk. Innovation and creativity thrive in an environment where they are encouraged and rewarded, and so does security.
Train and communicate: Protecting corporate assets is everyone’s responsibility, not just the job of the security team. For employees to adopt a security mindset, they must not only be aware of corporate security policies, but they also must understand what is expected of them and what threats there are. Security awareness training should be conducted regularly to ensure employees not only understand what they should and should not be doing with corporate assets, but also to provide guidance and direction if they need additional help. Involving the expertise of cross-functional groups in developing corporate messaging, management programmes, and awareness training initiatives will help gain buy-in from all groups and ensure the right people with the correct talents are involved in the process.
Building a security-minded company culture, where protecting company assets is as much a part of each employee’s job description as any other task, requires commitment from the top ranks of the company, concentrated effort from the management team, and consistency in execution. And while the effort may be difficult at first, the rewards in terms of increased protection against security breaches far outweigh any negatives.
To help get the process started, Cardwave has produced a free guide for businesses, ‘Information Security Solutions Made Simple’, which contains a collection of information and resources to not only inform businesses of the risks of inadequate information security, but also offer some potential solutions.
The brochure covers areas where business data might be at risk and the consequences, as well as a security checklist businesses can use to highlight areas for improvement. Additional documents can be downloaded, including example templates for key policies, an information security questionnaire for employees, and essential information for hardware and software solutions.
Download the Information Security Solutions made Simple guide here:
A company’s data security is only as strong as its weakest link.
Prevention is better than cure – download the brochure and start the process of securing your business data today.