How’s this for a surprising statistic? A blogger reported that it’s not uncommon for employees to forget up to 90% of what they are taught in employee training in just one week.
While there’s controversy around whether organizations are investing enough in information security training in the first place, the blogger helps to highlight the importance of ongoing office security awareness.
Negligent employees (who accidentally expose information or lose a device in some way) accounted for 43% of data breaches in the workplace, according to the 2015 Symantec Internet Security Threat Report.
The Ponemon 2015 Cost of Data Breach Study estimated that the average cost of a data breach was $3.8 million, which is a 23% increase since 2013. Globally, the average cost of each lost or stolen record containing sensitive information was $154.
While structured employee education delivered in seminars and interactive online programs is fundamental, workplaces can help reinforce the importance of secure work habits in other ways.
Here’s a checklist to help improve office security:
- Commit to a Culture of Security: First and foremost, there needs to be a comprehensive office security policy. One important factor that makes a difference is whether the behavior is modeled by senior executives all the way down, said Siobhan MacDermott of Ernst & Young, a professional services firm that works with boards and senior management to set up security awareness programs, in a csoonline.com article.
- Make it news, and make it real. Provide constant news about different aspects of information security in internal newsletters and on intranet news feeds. For the best retention, learning experts say that keeping information short makes it more digestible, and communicating on a personal level is important too. For example, talk to employees about how they maintain privacy in their personal lives… and help them transfer those values and strategies to the workplace.
- Use visual cues: Hang up reminder posters in common areas such as the cafeteria and the photocopy room. For example, a series of free office security posters from Shred-it targets common workplace errors that increase the risk of a data breach. (“Don’t delete. Destroy!” reads one; “STOP! That should be shredded.” reads another.) Use screen savers or email signatures or headers for these kinds of messages too.
- Post it online. Blogs and vlogs are now essential social media hubs – and a great way to reinforce information security messages.
- Embed it: Make security best practices a seamless part of daily tasks and interactions. For example, create a process so that all new company devices are pre-installed with data security software, privacy filters, and an automatic email reporting tool as a safeguard against phishing. Partner with a document destruction company that provides locked consoles and on- or off-site shredding. Implement a Shred-it all Policy, which stipulates that all documents are destroyed when they’re no longer needed.
Knowing exactly where a workplace could be vulnerable is an important step in office security and safeguarding all the confidential information that resides there.