With October being National Cybersecurity Awareness month, Joan Goodchild asks on DarkReading, how many security managers are asking employees, “Why is our data worth protecting?”
A good question.
“While the organization may claim to care about security,” Goodchild continues, “do those within it understand why? Do they know what is truly at stake should a breach or security incident occur?” All this may not be exactly obvious.
“Require employees to take engaging and continuous security training that both educates them on your company’s security policies but also sets a tone that security is important to the company and its leadership,” Roland Cloutier, corporate vice president and chief security officer at ADP says. “This can be done by email, blogs, intranet postings – anywhere employees are looking. The tone should be light, engaging, and focused on storytelling.”
The aim should be to ingrain the importance of protecting the security of corporate materials as second nature to employees. And that’s not necessarily easy.