To Stop a Breach: 4 IT Security Awareness Program Elements to Help Prevent a Data Breach
Data breach: two words that strike fear into the hearts of CSOs and security professionals everywhere. And why? Because data breaches lead directly to lost customer trust, huge costs, and—all too often—lost jobs!
This phrase has seen no shortage of play in the media recently. Industries as varied as entertainment (Sony Pictures Entertainment), banking (JPMorgan Chase), and healthcare (Premera Blue Cross) have all experienced massive data breaches within the last two years.
A Ponemon Institute report released earlier this year brought the cost of data breaches into context, claiming the average total cost of a data breach in 2015 was $3.8 million. That’s a 23 percent increase over the past two years.
“Enterprises need to be prepared and employ world-class services that address threats across each aspect of their business so they can build a strong security posture that reduces costs, improves service and manages risk,” writes Ponemon Institute Chairman and Founder Larry Ponemon in an article summarizing the institute’s recent study.
4 Key Features of an Effective Security Awareness Program
Information on how to prevent data breaches is ubiquitous on the Internet. And undoubtedly, many of the companies with the largest breaches in recent years had tools in place already. As we’ve argued before, however, the mere presence of tools is not enough. Installing a security system in your home is a waste of money if not every member of your family knows how to use it.
This is where an effective information protection education program makes all the difference. Such a program should include:
Adaptability: Education is most effective when it’s tailored to your end users. Courses should be customized for each employee role that handles sensitive data.
Engagement: Employees should be able to interact with their education courses, rather than just passively observe. Education experts agree interactive learning leads to better engagement.
Assessment: What your employees don’t know can hurt you. An effective program should begin with a knowledge assessment to find out what most needs to be taught. Assessment should also happen afterward, to confirm that what your employees learned has stuck.
Reinforcement: The program should not end when your employee pushes the “Finish” button. Regular and ongoing reinforcement—with articles, videos, posters, games, etc.—can ensure that your core security and privacy principles become part of your organizational culture.
We know that humans continue to be the weakest link in the data security chain. And just as the little Dutch boy of folklore was the only one preventing a breached dike from flooding his beloved village, individual employees are often the ones keeping your data out of the hands of cyber attackers.
To be sure your employees are prepared, you need security awareness programs designed to educate, raise awareness and change the behavior of your staff—from entry-level to executive.