Cultivating a strong security focus and culture in an organisation is critical to keep sensitive information protected in a business climate where the threat to information assets has never been so great.
People are integral to any organisation’s security defences, and keeping information secure cannot solely be left to information technology (IT) or security professionals, but must be a shared responsibility throughout all staff within an organisation. By creating a security culture, you empower users within the organisation so they are aware of their part in protecting information.
Organisations where employees are indifferent with the way they handle information will often suffer the impact of an information security problem. In the case of Boldon James customer DeltaCredit Bank, they found themselves treating all information equally, making incorrect risk assessments and either underestimating or overestimating the value of information.
In common with many banks that operate at the heart of national financial systems, DeltaCredit face ever increasing challenges with risk, compliance and data protection, and were looking to improve their organisational security culture by engaging their staff with the protection of highly sensitive information. By implementing a user-driven data classification solution, they were able to achieve both compliance and have a better visibility of what data they had, and how to protect it. Since the implementation, DeltaCredit’s security team have reported a transformation of culture in relation to IT security, where classification is now automatic for the users and has become part of their normal daily routine.
There are many frameworks available to organisations to help them achieve a security culture, and we certainly would endorse this approach, however only by empowering your employees to take an active and accountable part in the protecting of your data will you really harness their ability. It can also be made a fun exercise as some of our clients have found, where employees want to be involved in something new and transformational. Broadcasting security policy to your employees as a one-way process might appear the right thing to do, but without user involvement and engagement in the actual practice of protection at the outside, this usually results in failure. Like a good sports coach, empowering each of your team to be accountable for their role in the success of the team’s performance is key to a strong security culture. Get your employees on your team before it’s too late.
If you would like to find out more about how you can improve your security culture and increase data security awareness, register for our webinar where DeltaCredit’s CISO Alexey Lola will be discussing how they used Boldon James Classifier to increase awareness of data value, protect their intellectual property and build a stronger security culture.