Peer to Peer Magazine

September 2012

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/80353


ask the vendor

Build a "Culture of Security"

name: Tom DeSot
company: Digital Defense, Inc.
website: www.ddifrontline.com

You've read the headlines. Recent research and staggering statistics tell an alarming story about the threat and incidence of data breaches to businesses. In addition to the precautions that organizations take to protect their networks from attack, it is essential that they effectively educate their employees to fend off the attacks that target the human element.

Consider these statistics…

• 855 – Data breach incidents in 2011
• 174 million – Number of compromised records across data breach incidents skyrocketed in 2011
(Source: 2012 Data Breach Investigations Report, sponsored by Verizon©)

• 50% of IT security practitioners reported sensitive personal data in their company's databases and applications had been compromised or stolen by a malicious insider, such as a privileged user
(Source: Safeguarding Data in Production & Development Study, Ponemon Institute©, June 2012, sponsored by Informatica©)

• 39% of incidents involved a negligent employee
• 39% of organizations had a data breach as a result of a lost or stolen mobile device, which included laptops, smartphones, tablets and USB drives that contained confidential and sensitive information
(Source: 2011 Cost of Data Breach Ponemon Institute© Study, March 2012, sponsored by Symantec©)

Employee training offered during new-hire orientation sessions, on employment anniversary dates or even as an annual requirement is simply not enough. In today's environment, security training must be able to break through the information overload commonly experienced in every workplace. Further, the content must remain top-of-mind with employees in order to prevent successful engineering attacks.

What can you do to mitigate these threats? Build a "culture of security" through a holistic approach utilizing network and environmental security assessments, decisive security intelligence and security awareness education.

Tips for an Effective Information Security Awareness Program

• Depend on certified security awareness professionals for your program or course content. Don't rely on a homegrown program that can become outdated quickly. Engage a supplier who has the expertise and capability to provide the latest information on how employees can be a key to keeping organizations secure.
• Make sure the curricula or courses are fun, engaging and memorable. Most information security training lacks the "stickiness factor" required to achieve a lasting effect. Employees can quickly lose knowledge and fall back into old habits regarding password development, physical security, device protection, etc.
• Conduct regular training. Require regular, periodic training for every employee, whether on-site or remote.
• Make delivery of training convenient for employees. Given the increasing number of employees who work outside of the traditional workplace, an information security awareness program needs to be mobile and accessible. Employees must be able to access the course from a laptop, iPad, smartphone or other such device.
• Create a "culture of security" throughout your organization. It is not enough to be compliant with policies and regulations. You must create a higher level of awareness and change human behavior to help minimize your risk.

As you evaluate your efforts to strengthen defenses against the risk of data compromise or breach, be sure your security awareness education is a key element of your strategy. Don't end up in the headlines!
