How to make your employees aware of the importance of secure information processing
Some organisations are already GDPR compliant, others still have work to do to meet the legal requirements. To achieve this, a set of technical and organisational measures is required. There are many step-by-step plans on the Internet to help you with these measures. It is even more important yet to raise the awareness among your organisation’s employees. This is very important, since 46% of all data breaches occurs because employees do not handle sensitive data consciously. How do you make sure this will change within your organisation?
1. Organisational measures
As a CISO, you record a lot in order to be accountable, in compliance with privacy legislation. You have to give evidence you have arranged certain issues. For instance, drawing up processor agreements with suppliers, a protocol for reporting data breaches, or a privacy impact assessment when making use of certain tools and software. You can arrange many issues independently as a CISO. However, the introduction of new policies, such as for reporting data breaches, affects other parts of the organisation as well. The organisation should first understand why you take these measures, and what is expected from its employees.
2. Technical measures
Technical measures are necessary to organise the protection of personal data. Think of the encryption of data, two factor authentication, or regulating access by using entry passes. Sometimes the existing solutions are not sufficiently fitting, so you obtain new solutions. The key factor in the application of technical measures are the users: your organisation’s employees. If they do not make use of the technical solution, your organisation still does not comply with the privacy legislation.
3. Awareness among employees
To make the organisational and technical measures successful, you definitely need support among the employees. Not only do you need support from the IT department, but from all employees who process personal data in any way. In our e-book, we will explain how you can reach this in an accessible and effective way.
As a CISO, you are facing a major challenge: creating awareness within the organisation. This is truly crucial. If employees are not fully aware of the implications of the unsafe processing of personal data, you keep on firefighting. But how do you start this awareness process? In our e-book, you will find answers to the question: how to create awareness about the secure processing of personal data within my organisation.
To protect against cyber security threats, every organization should view their workforce as the first line of defense. After all, many security incidents are caused by human errors, such as becoming a victim of a phishing attack, sharing sensitive information with the wrong recipient, or accidently installing a virus on a shared drive. No matter how many […]
Before email came into popularity, fax transmissions presented the only way to send written communication quickly. They could provide paper printouts in a few short minutes over hundreds of thousands of kilometers. Nowadays, email has become the preferred method of communication. Consequently, most companies have entirely abandoned fax machines. […]
You probably remember when Facebook's founder Mark Zuckerberg testified before the American Congress and UK lawmakers regarding the Cambridge Analytica data leak scandal. The political consulting firm harvested raw data from 87 million Facebook profiles while working for Donald Trump's presidential campaign in 2016. You might also recall the massive data breach […]
Most people don't realize how easily an email can be sent to the wrong recipient. A typo in the address, a mistake in the configuration of a server, the wrong name selected from the automatic address book: they are all simple and common mistakes. In addition to the human error element, there is always a risk that hackers could compromise the mail server of a provider […]
When people think about email security, they typically associate it with widely reported hacking incidents, often nefarious in nature. These breaches tend to be higher in profile for a multitude of reasons, but actually account for a lower percentage of data breaches overall. For many organizations, the biggest threat to protecting privacy-sensitive data simply comes […]