Advisen, a cyber liability research firm, reports on a new trend among cyber security experts: optimizing employee education.
At TechInsurance, we've been saying the same thing. In order for data security to be effective, employees have to be able to spot potential attacks and practice appropriate user-level security.
Of course, this is easier said than done. So let's take an in-depth look at how client education can be improved and what resources are available to help an information technology consultant.
Why Users Don't Take Data Security Seriously
It's helpful to think about data security from the perspective of an average employee. The average employee knows a few basic things about data security (e.g., that it's important to have passwords with a combination of letters and numbers), but beyond that, they have to learn about protecting their company's data in two ways:
- IT training seminars. While training sessions are great, many employees see them as an interruption in their daily work (or a chance to get some free coffee and zone out for an hour). Training seminars can be very effective, but as with any class, the success of a training program doesn't merely depend on the content of the lecture – it depends on how well you (or the company's IT staff) are able to teach the material.
- Institutional rules and restrictions (e.g., changing passwords, not using open Wi-Fi, etc.). Institutional rules and restrictions face another obstacle – they reinforce employees' perceptions of IT departments as the Internet police that restrict what they can do on a computer. This is why "shadow IT" is such a problem. Rather than follow the company's rules, employees will opt to use unapproved web apps, email clients, and other methods to do their jobs. Employees don't realize that by skirting the rules they expose the company's data to outside attacks.
In order for any IT training to be successful, you have to get your client's employees to buy into the restrictions you put in place and the methodologies you prefer. How do you get their attention? Talk about the cost of a data breach.
Your Biggest Training Tool: The Cost of a Data Breach
A great way to wake up a client's employees is to emphasize that data breaches, phishing schemes, and cyber attacks can cost the company tens of thousands of dollars.
The next time you give a presentation or want to get the attention of your client's employees, use these facts about the cost of a data breach:
- Home Depot spent $43 million in its third quarter while dealing with the cost of its data breach.
- After a phishing attack, businesses can be forced to shut down temporarily to clean their network. During these shutdowns, the business can lose days' worth of revenue.
- Data breaches have extensive hidden costs like damage to a business's reputation, increased customer service expenses, and PR campaigns.
Part of educating your clients' employees will have to include getting them to understand that they play an active role in protecting the company's financial security.
Resources to Help IT Consultants Educate Their Clients about a Data Breach
Last month, TechInsurance introduced its Customer Education Packet – a free guide that you can distribute to your clients to teach them how to prevent data breaches.
The packet's daily checklist tool shows what a client and their employees can do on a day-to-day basis to prevent a data breach.
We started this blog by highlighting the industry's shift toward user-centered education as a way to mitigate data breaches. By distributing this daily checklist to clients, you can emphasize that in order to prevent data breaches, all employees have to buy into your strategy.