Freely subscribe to our NEWSLETTER

"It’s all well and good having rigorous data protection policies and
standards in place, but if employees are not aware of them, or applying
them, they may as well not exist.

The requirement for comprehensive cybersecurity training should be
written into every employee’s contract. It must be an integral and
ongoing part of their development, right through from the onboarding
stage, with refresher courses combined with bite-sized learning to keep
up to date with evolving threats and corporate policies. Importantly,
this training shouldn’t only cover the ‘what’ and ‘how’ of
keeping data safe, it must also include the ‘why’: the specific
risks to the organisation and its customers or service users if policies
are not adhered to. This context is what creates engagement and
accountability.

To effectively mitigate against the kind of “accidental” mistakes
referred to by the Council, however, education must always be combined
with the automation and enforcement of policy in technology, to secure
each and every endpoint and protect the data being processed or stored
on it. Apricorn’s latest research shows that more than 60% of IT
leaders still expect their remote workers to expose them to the risk of
a data breach, regardless of what training they’ve received. The
approach should include the automation of backups, so information can
always be recovered and restored in case of a cyber-attack, breach or
employee error.

The encryption of data as standard across the organisation should be
mandatory, both when it’s in transit and at rest, and automated
wherever possible. When data is encrypted, it’s fully protected – so
if an unauthorised individual gains entry to an IT system for instance
it will remain unreadable. Storage locations should include an offline
solution, such as high-capacity hardware-encrypted USBs that
automatically encrypt all data written to them, again taking the human
risk out of the equation."