Make it easy for your employees to ‘do the right thing’

Earlier this month Dropbox made the welcome announcement that it has introduced two-factor authentication, giving users a second layer of security to protect their files. The feature is voluntary, however, and I have to ask: how many average online users will take advantage of it?

A lack of security culture is at the heart of many data breaches. Using Dropbox without enabling two-factor authentication, and without encrypting files before uploading them (using a solution like Sookasa), can still put your data at risk.

With services like Dropbox, Box and Google Drive growing in popularity, the ability to share data across the Cloud is highly valued, but at the same time creates opportunities for security issues to creep in.

An organisation may have all the security policies, standards, guidelines and procedures and still not be able to foresee all of the circumstances in which they are interpreted or applied.

Employee commitment to protecting an organisation is an essential component of a strong cyber defence. Having a strong security culture makes the difference between what an organisation actually does and what it says it does.

Security culture leads to greater employee and customer trust, consistency of results, better compliance with laws and regulations, and greater value creation.

By investing resources and efforts in your people and culture, your organisation can significantly improve its security and reduce the potential for a successful cyber attack.

Experts agree that social media and working from home are normal behaviour that is here to stay. A security culture should make it easy for employees to do the right thing.

Rather than avoiding the adoption of new technologies and behaviour, your organisation should look to find ways to enable employees to transfer information securely and protect your customer data, thereby minimising the temptation for employees to find shortcuts that make you more vulnerable to attack.

ISO 27001 supports the development and implementation of an information security management system (ISMS) that encompasses ‘people’ as one of the three essential cornerstones (the other two being processes and technology). By making sure people are aware of their role in information security – and how they can preserve it – you can significantly reduce the risk of a data breach.

vsRisk™ reduces the number of consultancy hours spent on risk assessments by providing you with a simple, smart and automated solution. Find out how vsRisk can help you with ISO 27001 risk assessments now.
