Data protection planning and execution is a lot like squeezing a balloon: just as technologies improve – the attack surface shifts. Improve your information security infrastructure to defeat the newest technology-based attacks and suddenly your employee’s become the target. The fact is your organization’s most sensitive data is only as secure as the weakest link, and today, that’s your employees.
You’ll always have to keep up your defenses against the latest attack vectors. But when is the last time you upgraded your awareness training? You can do something that makes a difference to protect your organization by implementing an employee awareness program that truly changes behaviors and creates a culture of trust. Let’s take a look at two key insights that highlight the role that trust plays in reinforcing your security efforts.
1. It really is about the culture
According to a recent survey conducted by Sophos, an astounding 96% of IT professionals don’t trust their end-users any further than they can throw them – at least where security matters are concerned. And who can blame them when employees hold doors for strangers, click on phishing e-mail, and fail to protect both confidential and personal information? When IT doesn’t trust employees, it’s a good sign that protecting information just isn’t embedded in the company’s culture – and what’s culture but a collection of attitudes, behaviors, and habits? Logically enough, the key to changing culture lies in changing behaviors. That’s the job of a proper security awareness program. Well-designed awareness training and reinforcement program helps build security-minded habits and behaviors, and in turn starts to shape a culture of trust that is so vital to the health of any organization. It turns out that something as simple as developing proper security-aware and privacy-aware habits can actually serve as a catalyst for building trust and, ultimately, a better-performing organization.
2. It really is about the business
If 96% of IT pros don’t trust employees to protect information, how do you think customers feel? Chances are, they are picking up on the same clues that show that security isn’t part of the company culture—and potentially deciding to take their business elsewhere. The problem, of course, is that the IT department is no longer the gate through which all sensitive or protected information flows. Security and privacy protections are diffused throughout the organization and very much out of IT control. But if every employee consistently performed in ways that kept security top of mind, that would be communicated to customers in ways that would build trust. Trust breeds loyalty, and a loyal base is the surest path to sustained business growth.
Here’s what the 4% of IT pros who do trust their employees have figured out: when you use awareness training that focuses on building security- and privacy-aware behavior, you start to change the culture. In a culture where everyone aligns around the protection of information, there is a high degree of trust, and that trust brings huge benefits both inside and outside the organization. It’s as simple as that.