We have all come across scenarios throughout our lives where we have something we know we should be doing but decide it’s not quite a pressing issue- that is until it goes wrong, horribly wrong and we end up wishing we’d done something sooner. This is true for many things; from a car with a slow puncture, a tooth with a wobbly filling or the age old classic of leaving an assignment until the day it’s due. These things don’t NEED to be done immediately, that is until the tyre blows out, the filling comes loose or the assignment becomes a rush job. We have all been there, procrastination at its best.
The same unfortunately is often true for organisations who see the need for user awareness around information security and Compliance as something that needs to be sorted out, just not right now. This attitude much like in the other scenarios is fine until something bad happens. An incident or a breach often leaves organisations wishing they had taken appropriate preventative action much sooner.
An ongoing, relevant and up to date staff awareness program will not only help to mitigate the risk of fines and breaches for the organisation but does in many cases help to educate the employees around topics that will help them in their day-to-day lives. Teaching end users the importance of being alert to social engineering and phishing scams is great for helping to reduce the risk that someone will give away important company information or download malware. It also acts to help the individuals protect themselves in their personal lives.
Creating awareness and educating people will encourage them to think twice about the email regarding a long lost relative’s Will or the credit card email that needs them to confirm their PIN. Presenting the importance of information security to users on a more personal level greatly increases the likelihood that it will stay in the forefront of their minds, in turn becoming desired behaviour.
A proactive approach to user awareness helps to avoid the age old scenario of “closing the door after the horse has bolted.” Thankfully we have seen an increase in companies taking a more hands on approach with regards to user awareness, it should no longer be a “would like” but a definite “must have.” What is your organisations’ approach? I would recommend that companies take action before it’s too late.[su_box title=”Belinda Doherty Customer Account Manager at Metacompliance Ltd” style=”noise” box_color=”#336588″]
Metacompliance Ltd develops Policy Management and User Awareness Software for Business and Government. Our innovative solutions automate the explosion of Compliance regulations and I.T Security awareness.
The MetaCompliance suite of software has been designed to ensure that Compliance awareness campaigns and I.T Security initiatives are adopted, understood and available to management in the event of a Compliance failure or I.T Security breach.
Our extensive client list includes various private sector companies, as well as a wide range of NHS Trusts and Local and Central Government agencies. The MetaCompliance solution helps such organisations to tackle their policy and compliance issues, including areas such as PCIDSS, ISO27001 and the DPA.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.