In this age of cloud computing, emerging technologies, big data and personally identifiable information, it is absolutely essential for companies to train staff about data privacy and security. Some things can be easily overlooked.
Data security awareness is not just for techies or IT gurus. All staff should be trained about data protection and safeguards applied.
It is imperative that everyone across the board is given some training about keeping personal info personal and not shared with unauthorized persons.
Is it easy for a breach of corporate data or unauthorized access to take place?
Here’s an interesting example:
Employee X uses his company equipment/iPad/Notebook at home to work remotely but walks away for a few minutes without locking it with a password. His teenage kid grabs it, goes on the Internet and starts downloading prohibited content to the company system or views unauthorized content. Assuming the damage is huge and it affects or compromises business or even client data – who is liable? What should be done to that employee? Are the few minutes of nonchalance worth the consequences?
I must commend healthcare and financial industries for taking data privacy and security seriously. At the moment, I don’t have the statistics on which industry is heavily pursuing data privacy training for all staff.
However, I must say it again – if you haven’t done so already, (and this isn’t just for the HR Director), CEOs, COOs – take this seriously – HIRE a CPO(Chief Privacy Officer) to ensure that you are covered on all angles. With emerging technologies, increase in big data and growth of cloud computing, you can’t afford to take chances.
What are the simple steps to ensure data privacy?
- Train your staff. Have monthly recap meetings if necessary. They don’t have to be lengthy but it helps to keep data privacy on their minds. In my humble opinion, it is better to have several training sessions than an annual one which staff easily forget.
- Create a check system (audit logs) where certain people have access to specific types of information, a log of when they checked it and where they accessed. It shows when people are snooping around looking for info not relevant to their job. Whatever you do, don’t ignore network logs. As they say, prevention is better than cure.
- Encrypt. Encrypt. Encrypt. And that’s all I have to say about the word.
How do you capture staff attention?
Personalize the issues and potential risks and you will get them talking (and possibly walking the talk). The bottom line is this: train your staff about the importance of securing personal data and working in a risk-free environment.
Photo courtesy of stock.xchng