When it comes to better information security, every company needs to invest in its people – starting with the board.
Human error (and systems glitches) caused nearly two-thirds of data breaches globally in 2012.
The majority of the breaches could have been prevented with a holistic, organisation-wide approach to cyber security. It turns out that people, the most valuable resource, are invariably also the weakest link. So every company needs to invest in its people and this starts with the board.
When it comes to the lifeblood of an organisation, its critical business information, there is often a distinct lack of the collective education, training and focus needed to support a company’s business objectives, as well as a lack of suitable ICT products to use.
How do you make sure staff are no longer a liability?
Training is really important, but it’s no good rolling out the same set of training to every member of staff. The debate and conversations around skills shortages in digital security are alive. The Institute of Security Professionals have called for employees to transfer existing talent taken from the work pool. Training should be tailored to each level and to the needs of the organisation, from the board to the office floor, and it has to be sustainable, continuous and interesting.
It has to be part of the culture and strategy, which need to be planned and embedded into the organisation. It is important to note that training is not a quick-fix solution; organisations need to couple cyber security training with a strong cultural change strategy.
Training should be personal and apply to home life rather than just business, as people are more invested in their home life. The context of why training has been put in place is key, as is an understanding of why the rules are in place.
Edward Wolton from Templar Executives contributed to the IT skills gap panel with BCS this week.