September 17, 2019

How to Make Information Security Part of Your Employee Culture

With this seasonality change, employees are tasked with corporate planning, recruiting and executing new corporate initiatives. As part of your corporate planning, this could be a beneficial time to also reframe the way employees feel about security awareness.

To help, Shred-it has identified three ways to make information security a part of your employee culture this fall.

Introduce employee training on information security throughout the year.

With the hustle and bustle of every day life, it is easy to neglect data protection best practices. Competing deadlines combined with an ‘it won’t happen to me’ mentality all contribute to employees not prioritizing data security. An easy way to fix this problem is to ensure that all employees receive training throughout the year. Both HR departments and IT teams should hold quarterly lunch n’ learns where data protection best practices are communicated to all staff members. Alternatively, HR should make sure that all employees are provided with proper tools to make data security an easy part of their job. Providing staff members with locked consoles and lockers are all easy tactics to help employees reframe the way they think about information data security.
Findings from our 2019 Data Protection Report confirm that employee negligence – not outside threats - remain the number one leading cause of data breaches in North America. The damages from a reputational and monetary perspective can be extremely harmful to an organization. That’s why HR and IT departments must equip employees with the resources to make this an easy part of their daily routine.
Educate employees on the legal consequences of data breaches.

It is important to educate employees on the consequences of a data breach from a legal perspective. It should come as no surprise that we live in an increasingly regulated environment. With international laws, such as the General Data Protection Regulation, sanctioning companies with huge fines if a data breach were to occur – businesses must step up their game.
Does your workplace educate employees on the current laws and the associated consequences? Do employees feel comfortable navigating privacy regulations? Do they have access to legal counsel if they have any questions? If you have answered no to more than one of these questions, than your workplace needs to reevaluate their data protection practices. One solution is to hold open-office hours with your in-house legal counsel where employees can go and ask lawyers for guidance on how to navigate various pieces of legislation.
Remote workers and open office concepts all pose serious data protection threats.

Although there are many benefits associated with allowing employees to work from home, there are serious security risks that employees need to be made aware of. In 2018, our State of the Industry Report, now known as the Data Protection Report, revealed the risks of these types of work arrangements.
We are not suggesting that you not allow employees to work on their own terms, but what we are advising you do is to implement the training and proper policies that will protect your employees. Implementing a Shred-it all policy or a Clean Desk policy is one simple way to raise awareness of information security and keep employees happy.

For more tips on how to improve secure data recycling and sustainability, please visit the Shred-it resource centre.