Better Information Security Starts with Better Behavior
It can be tempting to suggest that information technology has the answer to all our business problems, but while IT undoubtedly has a key role to play in keeping your business information safe, it’s by no means the ‘silver bullet’.
It’s a sad fact that, even with the most advanced hardware and software, there remains one consistent weak link across every business – the people who work there.
According to recent research conducted by Microsoft, 63% of intrusions into company networks are the result of compromised user login details, and it’s hard to be surprised. Over the years, we’ve seen too many people take a risk with their data through poor behaviour, from the seemingly harmless sharing of passwords when staff members go on holiday, through to senior executives being “too busy” to upgrade the software on their laptops.
It seems that companies and staff just aren’t getting the message that information security really does start with the individual. Most of us would describe ourselves as digitally-savvy – most readers of this blog will likely manage large parts of their lives from their mobiles and laptops – and yet, when it comes to keeping our data safe (not to mention the data of others), many of us will take the easy option, re-using passwords across multiple sites, or using one that’s easy to remember.
The good news is that, unlike some technical exploit, we don’t need to wait for a security patch to improve our risk levels. We just need to change our behaviours. But how?
Everyone needs to feel ownership
Staff across the business need to be accountable for their security decision making. That means they understand why they need to change their behaviour and they are praised or corrected based on their decision making. Applying InfoSec simply as a “rule” imposed by senior management is no way to win hearts and minds.
Help them make the right decision
In the work environment, in particular, staff simply want to get on with their jobs. Making IT security easy for them will facilitate more secure behaviour.
Lead by example
As we said at the top of this piece, security is EVERYONE’s responsibility, and that goes for those at the top of the organisation just as much as those lower down. If staff know that their leaders are practising what they preach, they’re more inclined to follow that example.
All of the above can easily be achieved if you make security awareness a key part of your staff development. Formal training, supported by regular updates and reviews, ensures that correct security behaviours remain front of mind across the company and that, over time, they become embedded in your corporate culture.
Independent research has shown that there is a direct correlation between awareness training and security improvement. In our view, it should be a part of every company’s security plan.
Conosco’s InfoSec team help our clients take a wider view of security, encompassing both technology and human behaviour. If you’d like to discuss training for your team, or understand more about our security services, please reach out through our contact us page or by calling 0345 838 7680.