Regardless of which industry you’re in, there is no escaping data in any form. Data management can be a company’s key to success or downfall. This has given rise to a number of firms offering everything from document management services to web security. However, the one factor these establishments rarely address is the human factor.
Case in point would be the recent data breaches caused by human error in the realm of healthcare. In an article from HealthData Management, Brian Evans writes about security awareness, and points out that the best security measures are ineffective if those involved aren’t conscious of their importance.
“But some of the biggest organizational challenges don’t originate from technology. They reside within management, through the higher-ups’ tone and attitude and the example they set by not consistently promoting a “security-aware” culture nor ensuring that clear, enforceable policies and effective awareness and training is established.”
This definitely applies to any industry which deals in customer verification and interaction. Customers need the confidence that their information is in safe hands, or they may just go elsewhere. The entire staff (not just the front liners) need to make safeguarding sensitive data second nature. This would definitely go a long way in preventing the proverbial “honest mistakes”.
“The goal of an information security awareness and training program is to stop these errors from taking place by educating users on their responsibilities for ensuring the confidentiality, integrity and availability of information as it applies to their roles within the organization.”
It is noteworthy to mention that technology is constantly evolving, so regular updates and refresher sessions on security policies need to be implemented. Some document management companies like Spectrum Information Services can include this in their service contract, but it’s best to clarify this with your consultant.
“Initial and annual awareness and security training must be mandatory and should be followed up with ongoing training that includes new and emerging threats. When it comes to security, one thing is absolute: Change is a constant.”
It has been said time and again that knowing is half the battle. There is much truth to this, especially in the war against information theft and corruption.
(Article Excerpt and Image from Building A Security-Aware Culture, http://www.healthdatamanagement.com)