Even if your company has strategies in place to handle malicious attacks on your security, you may still be at great risk from insider threats. Why? According to a Forrester study, “insiders” were involved in 39 percent of data breaches. Of that 39 percent, 27 percent came from inadvertent misuse of data by employees, which makes your Human Resources Manager as important to your security as your Facility Security Officer or Chief Technology Officer. Here’s why:
Employees are often reluctant to embrace what they don’t understand. As talented as your tech team may be, when it comes to training mainstream employees, technical staff tend to use language and situations that are not always easy to comprehend and are not relevant to employees’ day-to-day work. Your Human Resources Manager will be able to keep the training focused on the basics, such as password management, how to keep devices and laptops updated, and the permissions needed for data access, which makes it easy for everyone to understand. “We’re teaching users that the security equivalent of simply washing your hands is simple, effective and easy to do,” says Mike Hanley of Duo Security.
Training isn’t a one-time activity. You should create several training programs that address various security topics. For example, spend time educating users on how to spot suspicious links, how to keep their mobile devices secure and the importance of backing up data. Your Human Resources Manager is trained to create programs that build on one another and leave employees well equipped to do their jobs in a secure manner.
Communication is key. Whether there are changes in the security landscape or just basic reminders of the knowledge learned during training sessions, communicating the information to employees effectively is essential. From newsletters to mass emails, your Human Resources Manager will know the best channels to use to convey the information your tech team needs to share. In addition, they will be able to track employee improvements and offer positive feedback to those who are finding success.
As you continue to put your internal security strategies into place, do not forget to include Security, HR, IT and Legal, as they are often some of your best weapons against insider threats.
Diane Griffin
Security First & Associates
www.securityfirstassociates.com