In today's global office, IT security leadership spends a great deal of time and resources creating a defense-in-depth approach to data security. This often includes layering on both logical and physical solutions as well as detailing out policies and procedures for accessing company data in a secure manner.
However, at the end of the day, this information is regularly being retrieved and used by the workforce at large and only including an overview on data security in an employee handbook won't guarantee that these records are kept safe.
There is a need to create value around company data and one way to do this is to ensure that the workforce knows and understands the threats that are out there and the measures that are in place to protect against them. The following are factors for companies to consider when creating an effective data security communication plan.
Target your audiences. Most companies have a diverse workforce with varied backgrounds and ages. The communication efforts that resonate with Millennials may not work for Baby Boomers. Try different types of communication to see what resonates most with these different audiences. Newsletters, announcements at staff meetings, reminders in break rooms and cafeterias, blog, vlogs, podcasts, screen savers displaying data security and privacy messages and even games can help disseminate the message.
IT security teams can also divide workers into those who will support company policies, procedures and best practices as well as those who may be a barrier to success. Targeted efforts with the latter will help to shift their priorities to include data privacy and security.
Provide Ongoing Education. Security and privacy trainings typically happen during the new hire process but it's important to not stop there. The first few weeks at a company are often overwhelming and jam-packed with information. To make sure that policies are being adhered to and best practices followed, follow up with six-month training courses and create a schedule of ongoing educational programming on data security. Try mixing in-person seminars and interactive training modules with online sessions for maximum effectiveness.
Make it Personal & Relatable. To the general workforce, data security may seem like an intangible thing. Utilize real-world examples and case studies to make policies and procedures — as well as the consequences of not adhering to them — more real. Answer the questions "why should I care?" and "what's in it for me?" Talk to workers about how they uphold privacy in their personal lives and then help them transfer these tactics and values to their work lives.
Encourage a cultural change. Walk through any office space and you'll likely see employees displaying proprietary information or login credentials on device screens. This can lead to visual hacking — a low-tech method used to capture sensitive, confidential and private information for unauthorized use. You may also find confidential documents left in printer trays and encounter workers talking about sensitive topics in the hallway. In this situation, data privacy clearly isn't a central aspect of office culture.
Sign up for Computerworld eNewsletters.