Data security training in the enterprise

September 16, 2013

The evolving cybersecurity risk landscape has put an increasingly heavy burden on the business world. While decision-makers pursue the most sophisticated IT services on the market in an effort to optimize performance and give their organizations the power to compete with other innovative firms, executives cannot lose sight of their security stance. Because even a minor slip-up can result in a costly breach that impacts efficiency and corporate reputation, businesses must be sure to prioritize cybersecurity endeavors.

Implementing robust data security technologies can be an effective method of eliminating software vulnerabilities that could cause long-term issues. However, the biggest problem most companies have regarding information protection involves employees. In many cases, individuals either simply don't know how to carry out mission-critical operations when robust defensive tools are in place or they actively circumvent best practices in an effort to make their lives easier.

Because enterprises cannot simply cut their employees off from their networks as this would halt operations, decision-makers need to consider another approach. This is where IT training programs can be helpful, as these initiatives can educate the workforce on the importance of following best practices.

A recent report by the IT security news website Dark Reading highlighted that enterprise executives must prioritize training around securing the four Cs: computers, connections, credentials and content. In doing so, businesses will be more likely to carry out long-term technological projects with fewer vulnerabilities.

Raising endpoint protection awareness

In today's world, the term "computer" applies to more than just the conventional desktop and its portable cousin, the laptop. Now, individuals have the ability to leverage smartphones and tablets that are often more powerful than their ancestors and can be used from virtually anywhere. While this may introduce significant productivity benefits for organizations, it also means that IT departments have to monitor a larger number of more diverse computing platforms than ever before, Dark Reading noted.

A recent TEKsystems report details how Bring Your Own Device (BYOD) and other strategies have propagated the use of mobile gadgets in the workplace and introduced bigger security concerns. In fact, a separate Acronis study found that roughly 60 percent of companies are vulnerable to BYOD risks. By implementing comprehensive training programs, executives may be able to set employees straight on their quest to use a variety of computing platforms for work-related purposes.

In many cases, the mobile phenomenon also ties into the second C, connectivity. Because individuals can use smartphones and tablets to access confidential resources from virtually anywhere, decision-makers must take steps to ensure employees know how to carry out these tasks safely and efficiently, Dark Reading reported. When individuals opt to work remotely, they must be aware of the risks that accompany connecting through unencrypted WiFi, failing to use VPNs or neglecting upkeep of firewalls.

Access control training

Getting employees on the same page regarding credentials is a critical step toward improving information security. These initiatives primarily involve the use of passwords and tokens to guarantee that the individual accessing highly sensitive information is who they claim to be. Dark Reading noted that executives should not necessarily evoke a sense of fear in the workplace, but instead implement measures that ensure individuals are aware of the worst-case scenario.

Enterprises may consider launching password training sessions that educate employees on using long and complex passwords and on what constitutes a weak one, such as a term that can be easily guessed or one that does not contain a combination of characters and symbols. Dark Reading highlighted the importance of teaching employees how to properly store content and ensure they apply the appropriate labels to it, such as "confidential" or "public." This will make access control and general data security initiatives more comprehensive and less prone to unnecessary vulnerabilities.

The cybersecurity firm Trustwave released a report revealing that passwords are regularly among the top reasons behind data breaches, with "Password1" being the most common login due to its simplicity in meeting the minimum requirements for a credential, as it is at least eight characters long and contains a number and capital letter.

As organizations increase their use of mobile devices and cloud computing, and workers access IT network services through a multitude of new endpoints and locations, decision-makers need to take the time to ensure their security practices are up to date and that employees understand how they can safely use confidential resources without introducing unnecessary vulnerabilities. By deploying comprehensive training programs about the four Cs - computers, connectivity, content and credentials - enterprises can continue their path to technological innovation without having to slow down because sensitive applications and data were exposed. This proactive approach will allow firms to stay competitive and efficient as IT services evolve.