It’s that time of year when many people start tripping up on their New Year’s resolutions like quitting smoking and getting fit.
In the workplace, it can happen with information security resolutions. While everyone comes back from the holidays feeling confident about following an information security plan, it can be easy to slip back into old habits that put information at risk.
What’s important to remember is that making changes can be tough, whether it involves habits or procedures. To improve data security in an organization, changes have to be realistic and backed by management, and security-driven processes should be embedded into everyday work rather than bolted on.
1. Invest in data security
- Provide an appropriate budget for information security.
- Create comprehensive security policies and procedures.
- Invest in up-to-date IT tooling that detects security vulnerabilities and reduces the risk they pose.
- Create an incident response plan for breaches, and schedule practice runs (tabletop exercises) so that all employees know what to do when one happens.
2. Make security a company-wide initiative
- Information security is not just an IT department issue. Every company should have a Chief Information Security Officer (CISO) or another designated security officer who owns it.
- Create a culture of security that sets the tone from the top down. Make it clear that security is everyone’s responsibility – the board, executives, and employees.
- As part of the information security communication plan, check that all suppliers have security-driven procedures in place too.
3. Take small but significant steps
- Do a security risk assessment to identify where the company may be at risk of becoming a victim of fraud or identity theft. Repeat it regularly, since the risks change.
- Provide on-going information security training. “About 80% of all the breaches we service have a root cause in some type of employee negligence,” said Michael Bruemmer of Experian Data Breach Resolution, in a recent post.
4. Change behavior through procedure
- Implement a Clean Desk Policy.
- Create a Document Management Policy with clear secure document destruction processes. Partner with a document shredding supplier that provides locked consoles for easy disposal of sensitive documents. Introduce a Shred-it All Policy so all documents are securely destroyed when they are no longer needed and employees don’t have to decide which documents contain confidential information.
- Teach employees that digital information must be securely destroyed as well. Contract hard drive and e-media destruction services, and do not stockpile legacy hard drives.
- Create best practices for the mobile workforce. According to Ponemon research for Lookout, mobile malware costs an organization $9,485 per device. That research also showed that 63% of survey respondents have no policy about the type of company data their employees can store on their mobile devices.
5. Make security an ongoing conversation
- Monitor and share privacy legislation that affects your business.
- As part of the information security implementation plan, designate security ambassadors in different departments.
- Use reminder posters placed throughout the office.
- Use email signatures to send reminders.
- Include data security tips and information in employee communications.