User Awareness of Information AssuranceIn today’s global environment, developments in technology have allowed businesses to reach a wider audience. This has brought benefits, such as increased customer base, global suppliers, economies of scale, however it has also brought significant risk, not least to Information Governance. Data, the lifeblood of every organisation, both public and private, is more at risk than ever before. Data is a valuable commodity, one which criminals can make high profits from and the loss of which can damage a business in many ways.
Employee Behaviour: The Internal Threat to the Security of Information
Many organisations have invested in technology to protect the perimeter, however as recent headlines have clearly shown, they have overlooked the single biggest threat to the Security of Information, People.
within your organisation
The majority of major data breaches that have occurred over the past 18 months can be directly attributed to employee behaviour, an inability to follow policies and procedures that has had catastrophic results; millions of personal records being compromised, a plethora of government investigations, heavy fines and sanctions, continuous media coverage and reputational damage.
Your employees are at the root of effective Information Governance, and without making them aware of their responsibilities with regards to the guardianship of data, you are placing your business at increased risk of a data breach. The UK Information Commissioner, Richard Thomas, sets out a model for Information Governance which places employees at the core of information security.
Source: Information Commissioner Keynote Speech RSA Conference
Automate User Awareness with MetaCompliance to increase the
All major regulatory frameworks, such as ISO 27001 and PCI DSS stipulate that ALL users must be included in IT Compliance initiatives. Organisations must ensure that employees read and understand policies and procedures relating to IT Security, and be able to evidence this in order to achieve compliance. This is an impossible task without the help of automation.
Security of Information
The MetaCompliance unique self certification technology places the responsibility for the security of information directly at the feet of the employee, where it belongs. MetaCompliance Survey and Risk Assessment allows organisations to measure the IT Security posture in real time, and test user understanding of mandated policies and procedures. MetaCompliance reporting provides the detailed information required to put in place effective remediation that will help improve the IT Security posture and bring the organisation in line with IT compliance.