Awareness Training and Risk Assessment – The Human Error
95% of all security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies” and “assuming their employees care enough to follow policy.”
Today, most organizations are required to follow some type of regulation. Almost all of us need to comply with PCI-DSS, but often that is combined with other regulations such as HIPAA. Employee security awareness and training, in addition to vulnerability risk assessments, reduce the time you need to satisfy all of the requirements necessary to meet compliance goals, leading to significantly less time and money spent dealing with compliance and audits.
How do you safeguard your data?
a) Have a Security plan
b) Educate and train users about security threats
c) Proactively monitor your IT network to root out exposed sensitive personally identifiable information (PII).
Organizations need to have a defense plan for each of the security layers that a cybercriminal can attack:
Physical layer – Set policies to ensure that only authorized personnel can access your devices.
Network layer – Set policies and procedures that only allow authorized employee devices, including BYODs (Bring Your Own Device), tablets, and laptops. Scan your network frequently to root out at-risk data and decrease your vulnerable liabilities.
Human layer – Implement procedures to ensure your employees practice good password management and are aware of and trained on security threats.
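The "proactively monitor" and "scan your network frequently" advice above is usually carried out with a data-discovery tool. The following is an added illustration, not code from the original post or from any named vendor, of the core of such a scan: it walks a set of text files, flags payment card numbers (validated with the Luhn mod-10 check so random digit runs are ignored) and US SSN-shaped values, and reports only a masked form so the scan output itself does not become a new PII exposure. File names, contents and the card test number are constructed sample data; the function and class names are my own choices.

```python
"""Added example: scan text content for exposed PII and report masked findings.
The sample files below are constructed inline so the script runs offline."""
import re
from dataclasses import dataclass

# Candidate payment card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US Social Security Number shape AAA-GG-SSSS, rejecting never-issued areas (000, 666, 9xx)
# and all-zero group/serial fields.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


@dataclass(frozen=True)
class Finding:
    source: str   # file or location where the value was seen
    kind: str     # "card" or "ssn"
    masked: str   # only the last four digits are kept in reports


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the last four digits; never write the full value to a report."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(source: str, text: str) -> list[Finding]:
    """Return PII findings for one piece of text, masked."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding(source, "card", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(Finding(source, "ssn", mask(m.group().replace("-", ""))))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of file name -> content (stands in for a share or mailbox crawl)."""
    out = []
    for name, text in files.items():
        out.extend(scan_text(name, text))
    return out


# Constructed sample content. 4111 1111 1111 1111 is a widely published test number,
# not a real account; the other digit runs are deliberately Luhn-invalid or not SSNs.
SAMPLE_FILES = {
    "shared/exports/orders.csv": "id,card\n1,4111 1111 1111 1111\n2,1234-5678-9012-3456\n",
    "hr/onboarding.txt": "SSN on file: 123-45-6789. Badge 000-12-3456 is a locker code.",
    "docs/readme.txt": "Ticket 9876543210123 refers to build 20240101.",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.source}: {f.kind} {f.masked}")
```

Run as-is it reports one masked card number in the CSV export and one SSN in the onboarding note, and stays quiet on the Luhn-invalid card-shaped string, the ticket number and the badge code. In a real deployment the `SAMPLE_FILES` dict would be replaced by a crawl of file shares or mailboxes, and findings would feed a ticketing or DLP workflow so the exposed data is removed or encrypted, which is the "decrease your vulnerable liabilities" step the post describes.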
With the advancement of new variants and threats, every organization should create a “culture of security” in which continual staff security training and vulnerability tests are conducted to build good security sense into every action your employees take, thereby mitigating the risk of data loss should a breach occur.