This page contains a Flash digital edition of a book.
media and the mobile world continue to in- fluence today’s growing business practices, learning how to avoid data breaches while using these new media safely is now not a choice for any business.


Canadian companies eager to educate their employees on the importance of safety and security can look in many di- rections for help. Once such place is In- formatica, a Toronto-based company that designed a course to support specific cor- porate security policies. The Information Security Awareness Certificationprogram provides corporations the assurance that employees who take part in the course will become more “security-aware.” Claudiu Popa, president of Informatica, believes it is important for employers to ensure that employees not only under- stand the security measures behind an organization, but that employees are ac- countable for the sensitive information they’re privileged to access. “Aside from that, it’s important to train employees on security for many reasons,” notes Popa. “The mobile workforce, for one, tends to take data off site much more often so when employees connect from home or any other location they need to be much more vigilant about data protec- tion than they are at the office.” Popa believes that companies can only rely on technology to protect their organi- zation up to a certain point. It was one of the main reasons that Popa and the ex- perts at Informatica designed the aware- ness program in the first place. “At the end of the day,” he says, “it’s as good as your weakest link so it makes sense to make that weak link as strong as possible.” Another who shares in that theory is Michael Legary, the founder of Seccuris, a provider of information security and risk management solutions for organizations across North America. For years, Legary and his team have known what it takes to ensure a company’s security and to have consistent dialogue with employees through training and education. “Accountability and impact mitigation — those are the two words that come to mind when I think about the most impor- tant things employees should take away from their security training,” says Legary. “I hope employees realize that it’s their daily actions that prevent the impact of se- curity threats.”


WWW.SECURITYMATTERSMAG.COM


KEY ELEMENTS OF A SUCCESSFUL SECURITY AWARENESS PROGRAM


Ongoing — learning and reinforce- ment tools increase effectiveness


Meaningful – combines elements for a complete program • Understanding why information security is important and why everyone within the organization is responsible, not just IT departments


• The reality of threats, vulnerabili- ties and countermeasures


• Applying security best practices to everyday tasks and applying them when using technologies for personal and workplace use


Measurable – assessment enables evaluation to ensure program success


Lasting – supports changes in behaviour • Sustains internal awareness through continual reinforcement


— Supplied by Symantec


In order to help employees realize their everyday behaviours at the office are what make or break a company’s security pos- ture, Legary feels companies need to focus on employee education, particularly impact prevention and mitigation rather than exposure to vulnerability.


One of the more creative and easily di- gestible means of training employees on the importance of secure workplace be- haviours can be found in the tools devel- oped by Greenidea. By using high quality animations and graphics, deliver security awareness messages to employees in an easy-to-understand and visually stimu- lating way. Greenidea president Rloe Mum- ford believes it’s really incumbent upon organizations to provide some means to keep security training information alive with people.


“People are just overwhelmed with the amount of information that’s coming their way,” he notes. “That’s certainly true in terms of the workplace, so it all comes back to this principle of repetition and finding ways to repeat this information in a way that’s attention-grabbing and inter- esting to people.”


Aside from the way in which Greenidea


presents its education, Mumford strongly believes that repetition is key. He adds that in order to remember the importance of security awareness, companies should ed- ucate and re-train employees over and over again to engrave safe security habits into the minds of their staff. For him, this is the most important practice an organi- zation can adopt to strengthen security through their employees. Now if there’s one company that knows about security, it’s Symantec. It understands that businesses need to protect against tradi- tional security threats, but they also need to be aware of the growing influences presented by mobile devices and social networking. Jose Iglesias, vice president of the education and enablement services for Symantec, says the need for proper training and continuous education are now amplified by these evolving technology trends.


“Organizations allowing the use of so- cial media in the workplace should con- sider developing comprehensive practices and an IT policy to help protect the privacy of employees, as well as the company data they may be exposing to threats,” he says, adding training programs can help edu- cate staff members on the dangers asso- ciated with using personal devices for business purposes, and that effective training programs promote two-way com- munication methods that respond and predict emerging trends.


What all the experts agree on is that se- curity awareness is important for all levels of an organization, thus employee educa- tion and training on the safest and best se- curity practices is a must in today’s technology-driven business world. While training programs have changed, either teaching in new and more visually ap- pealing ways or with a stronger focus on new social media trends, the desire that employees have to learn the best business habits has not.


Providing employees education and training on secure business practices is one of the easiest ways a company can maintain security. Employee education provides staff with the knowledge and skills they need to realize that their actions not only affect but reflect the security of their organization.


Angela Rotundo is a freelance writer in T


oronto, Ont. FOLLOW US ON AND • SECURITY MATTERS 19


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28