Business security is so much more than just fitting security shutters to the windows and a sturdy lock on the door. Of course keeping unwanted visitors out, protecting premises against vandalism and graffiti are all important considerations, however, there’s much more to consider than a comprehensive CCTV system and functioning burglar alarm. We’re talking data security.
The risks business face are so much more than simply premises and inventory. Everyone who comes through the doors, staff, customers, and visitors have to be protected as does all the company’s sensitive data. Security screens and alarms keep burglars out, staff and security keep visitors safe from harm and also protect property, but what about data?
Data can be as valuable as anything else a business owns, but it can also be incredibly vulnerable. Staff generally know or can take an educated guess at user names and passwords, and there is a new media scandal every time a laptop or smart phone left in a cab or on a train by a government official. If ministers and their secretaries can go leaving such sensitive IT on public transport it’s certainly not unreasonable to think that a member of staff could leave an identical piece of equipment unguarded in the same situation.
Because we’re so connected and the fast moving world of commerce requires data to be at our fingertips at all times that creates risks for our data security. If everybody in the company has access to the data, is able to update it, share and use it, then there is much more potential for data breaches and poor security maintenance than if access was restricted to a few people.
Writing for the Law Society, Oz Alashe brought up five key points that everybody should be using when training staff-members about data security:
Reward Positive Behaviour
Just like when you’re training a pet, it’s far easier and pleasant if good behaviour is rewarded while poor performance is discussed and solved. Your staff aren’t stupid, and it’s humiliating to be punished for something you did wrong, especially if you didn’t know it was the wrong thing to do, so when engaging in IT security training bring a lot of carrots and no sticks.
Continue To Test Efficacy
Having one seminar and then failing to follow it up is a sure route to disaster. People forget, misunderstand, or find what they learned inconvenient or time consuming, so they create shortcuts, work-arounds or fall back into their original bad habits. Again, reinforcement, re-testing and rewards are key to getting staff to take on new data security procedures, and stick to them.
Tell a story when you’re training. Nobody wants to hear about “if you don’t to XYZ then 123 will happen and it’ll all be your fault!” Use a narrative to tell how a security failure,can come about, the potential consequences, what happened and what could have been done better. Use real examples of known brands who’ve had to learn the hard way about data breaches, unfortunately for them, but lucky for you there are no shortages of examples floating around on the internet.
Give Them A Scare, But Not Too Much
Fear is a great motivator, ever since we climbed out of the swamp fear has kept us alive, so it’s a valuable tool. However, use it too much and a variety of things can happen: You create anxiety so people won’t even engage with their IT because the fear of getting it wrong outweighs the advantages. On the other hand, staff become complacent. If they get something wrong and nothing happens they no longer fear the consequences and form a bad habit. Once the lax habit is entrenched, that’s when the consequences start! Again, this harks back to positive reinforcement. Tell your people what a great job they’re doing most of the time, but remind them occasionally, using a story, of what happens when things go wrong.
Make Use Of Independent Learning
You haven’t got to management level without realising that delegation is key, and people who take care of their own learning are more effective in finding what suits them and onboarding it. It’s certainly a more efficient method than rote learning or a dictation based pedagogical style. Give people the task of learning and you’ll find they learn much more than if you tell them directly what your want them to think. Not only that, but setting them to do their own study and research not only means they have ownership of their own education, they’ll always come up with something you hadn’t found out or thought of yourself. That’s the whole point of setting a team of researchers to a task after all!