Security awareness programs help you uncover and fix problems
I love hearing how our cyber security awareness services are helping organizations become more secure. Security awareness is often implemented for compliance reasons, so when a client tells me they were able to mitigate an issue that would have been an audit finding or caused an information disclosure or data breach, it makes me incredibly happy.
Something we tout is that aware employees become extensions of your security team.
One of our clients presented our training materials in-house and used the in-person presentation time to have a dialogue. Imagine his surprise when, during the topic about shredding sensitive data ASAP, hands shot up to let him know that they actually don’t do that. There is a legitimate business reason why employees must keep original documents with PII for at least a week: during the processing of the data, reports often need clarification or correction from the source document. Therefore, PII is left in shred bins for up to a week. The shred bin is placed, unsecured, under their desks. Anybody who passes by has access to this unsecured PII.
Because this issue was identified during cyber awareness training, a solution was quickly presented that met users’ approval. (Lock the shred bins in your desk when you leave.)
Technology staff cannot know the detailed workflow for all users in their workplace.
Creating that dialogue about security is vital to overall information security.
A quick review of information security goals:
Keep information that should be private, private. (Confidentiality)
Keep information from being changed without permission. (Integrity)
Keep information available when needed. (Availability)
We are a security awareness and training company, but we see our mission as helping technology and users work together to keep information and systems secure.