Robert O’Brien, CEO of MetaCompliance, recently hosted a webinar called ‘Hardening The Human Firewall’ in order to provide organisations with advice on how to reduce information security risks. Below is a summary of the main points raised during the webinar.
Challenges of the human factor
The way in which businesses operate has changed. In today’s digital age, organisations face the challenges of employees working on mobile devices, either from home or in public places. Both internal and external users have the potential to pose information security risks.
Rather than investing in expensive solutions to protect their information assets, organisations need to start seeing employees as active members of their digital security strategy.
Employee Education
In order to enlist employees as part of your organisation’s robust human firewall, you need to effectively communicate your policies and procedures.
During the webinar a poll was taken in order to see how companies share their policies with staff, the results of which can be viewed below:
As you can see, the most common ways for organisations to convey policy information to staff are via internal Intranet or Email. The method of using paper is now non-existent.
Despite the popularity of the approaches listed above, your employees need to engage with your policies in order to integrate them into their daily routine. A successful technique is interactive eLearning, featuring new media such as videos, webinars and podcasts. By making compliance more appealing, understandable and relevant for your employees, you make them more likely to act as an effective firewall.
Reinforcement
Once you have educated your staff, the message of compliance needs to be reinforced. The key to strengthening your employees’ ability to reduce risk is to ensure that your policies are at the forefront of their minds.
MetaCompliance provides a number of free compliance awareness posters, focusing on social networks, the protection of private information, faxing best practices, mobile working and the principles of data protection. These posters can be used as an effective reminder for staff of information security breaches.
If you want to communicate to your staff that information security is an important issue throughout the company, hold an annual awareness day. If you include the presence of managing directors on these days, your employees will recognise that compliance is a key priority.
In order to control potential risks, policies must be put in place. But these policies must be understood by your employees and put into practice, and employees must acknowledge and accept their own accountability.