One thing that many corporations tend to forget, though, is that organizational information security is a vital board responsibility. Direction must come from the top down.
So, how do you explain information security to those in HR, admin, marketing, sales… basically anyone that isn’t in IT? I guess here at IT Governance we’re an exception to the norm: all employees live, breathe, talk, and write information security best practices. It comes out of our very being.
In many companies, information security is limited to the IT department, but for information security to be effective, all employees should have a basic understanding of it.
These five quotations will help explain information security to beginners:
“Don’t say anything online that you wouldn’t want to see on the side of a bus.” – Anon
“You wouldn’t dream of leaving a brand new car unlocked and unattended in the same street as Thieving Keith the Car Thief, yet when it comes to computers, many of us do something very similar.” – Techradar
“Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace. We rely on this vast array of networks to communicate and travel, power our homes, run our economy, and provide government services. Yet cyber intrusions and attacks have increased dramatically over the last decade, exposing sensitive personal and business information, disrupting critical operations, and imposing high costs on the economy.” – Department of Homeland Security
“Phishing – tricking a user to visit a site to enter personal information and passwords or download malware – is the most common attack. So check any link you receive in e-mail: read the URL and underlying html, don’t click on it!” – ICIJ
“Passwords are like underpants. Don’t let others see them, change them regularly, and don’t loan them out to strangers.” – Anon
Getting your employees on board
To read the case for an organization-wide, fully supported IT induction and information security awareness program, see IT Induction and Information Security Awareness. It offers practical advice on how to develop an IT induction program for your staff that can help safeguard your business information. By providing your employees with simple instruction in good IT working practices, and by making sure they know what is expected of them, you can strengthen your company’s information security and reduce the risk that your data will be stolen or lost.
If you would like to go a step further, let your staff take an e-learning course on information security staff awareness. Using non-technical language, this 40-minute course uses simple, relevant and informative content to deliver fundamental training on information security best practices.