Data security in government hit the headlines again this week, with one clear message; employees continue to pose the biggest threat to an organisations data security. Public confidence in the government handling of data is at an all time low, industry watchdogs have raised serious concerns over the future of data security and Governmental reviews have highlighted the problem as “….an absence of proper awareness and training among staff and confusion on the ownership and guardian of data.” But the data breaches keep coming, which begs the question, is managing User Awareness a bridge too far for the Public Sector?
This could possibly be the case, but it is a bridge that will have to be crossed, and soon, as significant fines and penalties are around the corner. The Information Commissioner has sent a clear message that substandard data handling will no longer be tolerated. The cornerstone of any successful Information Security strategy has to be the participation, accountability and awareness of ALL users in an organisation. Technology, systems, regulations, all play an important part, but, as recent times have painfully illustrated, one human error, one simple mistake can bring your IT Security crashing down around you.
The complexity of the problem is daunting, but the solution is delightfully simple, according to one industry expert, Robbie O’Brien, CEO of Metacompliance.
“How can government guarantee employee participation across multiple sites, multiple user types and various 3rd party contracts? One word, Automation.”
Automating IT Security Awareness activities has been proven to increase User Awareness levels by over 30% in the initial 3 months of a project, figures that are unachievable by any other means. This in itself would be a huge benefit to Government organisations, however, deploying a sophisticated Automation solution brings additional benefits:
During his keynote speech at this year’s RSA conference, Information Commissioner Richard Thomas outlined 3 main areas of focus that he believes will allow Government to take control of data security. These three areas, ensuring the right policies and procedures are in place, getting the technology right and focusing on people and behaviour, are all easily addressed by Automation, in fact can only be successfully addressed by Automation. And it is imperative that these are addressed now. Developments in technology mean that increasing amounts of our data will be stored and accessed more cheaply and easily, and this poses a very real threat to data security. Engaging employees in an ongoing, interactive communication, achievable only with the use of Automation, is the one way to ensure that they are both aware of their responsibilities in handling our data, and accountable for their actions should they neglect these responsibilities. The message is very clear, the taxpayer won’t tolerate lax data security any longer, and the Information Commissioner has the teeth to prove it.
Join Metacompliance for a 30 minute webinar
How Automation can help organisations increase, measure and sustain User Awareness across all users, to deliver on IT Security objectives.
Title: IT Security Awareness – Where to Begin, How to Measure and How to Sustain User Awareness
Date: Wednesday 3rd December 2008
Time: 1.00 – 1.30 pm GMT
Register Now or call Tara Hutton on 0207 917 9527 for more information.