40% of data breaches affect customer information – how can businesses reduce the potential damage?
April 2020 by Kaspersky
Kaspersky expands subjects covered by its Security Awareness solutions with free module on remote working and new topics about GDPR and sensitive information.
As revealed by Kaspersky’s IT Security Risks Survey, customers’ personal information is involved in data breaches more often than any other type of corporate data. This sort of data leakage may result in reputational and financial losses, as well as regulation penalties if not responded to properly. However, if data processing is addressed effectively, damage from a potential data breach can be reduced significantly. To enable its customers to become better at data processing, Kaspersky has added GDPR and confidential data courses to its cybersecurity awareness learning platform for businesses. In addition, to help companies ensure that remote working doesn’t pose a security danger to their business, Kaspersky has introduced a free module on working from home security basics.
The way a business stores and uses customer data plays an important part in shaping and maintaining its reputation. However, Kaspersky research has shown that personal identifiable information is the most frequently targeted type of data amongst cybercriminals (40%). As a result, 29% of companies surveyed experienced issues with attracting new customers after a data breach. In response, courses about GDPR and confidential data have recently been added to the Kaspersky Automated Security Awareness Platform as new training topics, to help companies upskill their personnel.
Keep it confidential
The course about confidential data covers common rules around handling sensitive information, including personal data, trade secrets, or internal documents that cannot be disclosed externally. This new topic will give personnel the expertise they need for working with this type of information and help them learn how to minimise the damage if data is unfortunately leaked.
The topic is divided into several modules with different levels of difficulty – from beginner to more advanced. It allows a company to cover all role profiles with a suitable learning program, assigned according to risk level. Thanks to this, staff members will not become overwhelmed with details which may not be relevant for their job. All workers have to know how to identify data with restricted access; securely store it on paper, using computer or cloud services; and recognise who they can share this data with, both inside and outside the company. Those who use internal resources with highly restricted access should be able to encrypt data using tokens and other security devices.
The learning content available in the Kaspersky Automated Security Awareness Platform simulates typical situations that may arise during the working day. For example, someone undertaking the confidential data course will be faced with scenarios where they have to choose the best way to send a file to a colleague or talk about a future project in a crowded place.
GDPR explained – for all
The GDPR course defines the requirements and responsibilities stipulated in the regulation. It is aimed at all companies that collect and process personal data of EU citizens (workers or customers), even if they are not located in the EU. The lessons also offer different depths of learning. The basic modules explain what information is related to the regulation, types of personal information and guidelines how to process each of them. Basic level lessons also teach personnel to identify if GDPR requirements must be considered in a particular case, such as shooting a video with EU citizens in public places or hiring a non-EU resident who previously lived in the European Union. Advanced lessons cover data processing requirements intended for controllers and processors. By gaining this skillset, employees will be able to deal with sensitive data more responsibly and this will reduce the possibility of data being leaked and GDPR violations taking place.
“Since GDPR came into force, we have been thoroughly reviewing when people find it most difficult to follow the regulation. Our courses are based on these real-life situations, to ensure we make them as useful as possible. Our training courses demonstrate how even simple actions of each employee – such as double-checking email addresses - allow a company to be a responsible partner for its customers. As a result, it helps to build a corporate culture where every employee puts responsible data handling first,” comments Elena Molchanova, Head of Security Awareness Marketing at Kaspersky.
The company constantly develops new courses and updates existing content in accordance with the latest threats, as well as meeting its customers’ needs. So, because an increasing number of companies are now switching to remote working (in fact, 75% of companies have expanded their working from home policies) due to the COVID-19 pandemic, Kaspersky, in collaboration with Area9 Lyceum, has released a new complimentary module. This module will help customers minimise the risk of catching the virus and will show how an employee, even with minimal expertise in IT and IT security, can organise a secure working from home environment. The module enhances skills in the most necessary areas, including strong password creation, updating software and protecting a home Wi-Fi network. The free module is available via a link. The Kaspersky Automated Security Awareness Platform is guided by educational and psychological research. That’s why the different types of learning activities follow each other at specified intervals, so they help to ensure skills are not lost along the way and the structure of each lesson reflects the way people naturally think. Each lesson is short, lasting up to 15 minutes, to prevent boredom and fatigue.