Whether your business has 1, 101 or 1001 employees, each person must understand the role they play in protecting the organization’s informational assets.
Here are a few examples of how a single employee can trigger informational loss:
- The employee mishandles sensitive information, such as disposing of it improperly, posting it publicly on the internet or mailing it to the wrong recipient
- Paper or electronic files containing sensitive information are lost by, or stolen from, the employee
- The employee unwittingly gives a malicious outsider access to a company device or the company’s IT network
A lack of security awareness training could lead to lost business, legal fees and even lawsuits. According to InsideCounsel.com:
"Data breach lawsuits come in a variety of shapes and sizes, in both federal and state court. They range from large class actions to those filed by a single person and are filed not only by consumers, but also by banks, credit card companies and other financial institutions. The most prevalent data breach lawsuits are filed by breach victims and involve causes of action for negligence, breach of contract, negligence per se, unjust enrichment, breach of fiduciary duty, unfair deceptive trade practice, and injunctive relief or specific performance. Plaintiffs in such lawsuits typically seek damages for unauthorized charges, damage to credit, cost of credit monitoring, cost of replacement credit cards, time and expenses incurred to investigate, anxiety and emotional distress, unjust enrichment damages, and an increased risk of future harm."
Implementing security awareness training is critical so that costly information-security errors are less likely to occur. These programs can include classroom-style training sessions, security awareness website(s), helpful hints via e-mail and even posters in the workplace.
It’s also important to conduct annual “refresher” sessions, because the tactics data thieves use are constantly changing, and because employees tend to relax their vigilance over time.
Written security policies and procedures support your organization’s security awareness efforts as well as its response should an incident occur.
Unfortunately, SMBs in particular often find it challenging to create—let alone maintain—these policies and procedures. In a recent ControlScan survey on Payment Security, only 36% of SMB respondents said their organization had an incident response plan in place.
If your organization doesn’t have a written security policy, there are several online resources that can help you get started. Here are a few good examples: