Investing in Personnel Security Awareness
25th May 2020
A chain is only as strong as its weakest link. This is especially relevant to all of us, as we need to ensure that every colleague fully understands their information security and data protection responsibilities. It takes just one person making a mistake to cause serious consequences. The information security standard ISO27001 recognises this, and requires organisations to develop skills, training, awareness and competencies in this important area.
Not everyone has a natural passion for this subject, so we need to develop their understanding of how it impacts them – the positivity of gaining valuable customers, versus the consequences of losing clients, breaching contracts or making the news when data is breached. ISO27001 promotes training, awareness and competencies, which in our experience works best with a healthy dose of “carrot” before reminding employees of the “stick”.
Colleagues need to be encouraged to report both identified suspicious behaviour and their own mistakes – the organisation needs a culture where this is encouraged, and where honesty is not shrouded in fear or uncertainty. We can do so much more to mitigate, minimise and manage information security incidents if we act quickly; waiting weeks for an investigation to identify who did what undermines our ability to take control and minimise the damage. Let’s encourage colleagues to attend training by making it informative, provide regular reminders of acceptable behaviour, and check their buy-in through internal audits and spot checks.
At InfoSaaS, we combine intuitive activity workflows with clear and concise policy, procedural and training materials. Our customers need to be on the ball every day – dropping it may be game over.