When a data breach occurs, there is a natural inclination to point the finger at someone. Did the IT department not take the right precautions? Was an employee careless with the company’s data? Did the vendor sell faulty technology?
Sadly, there is no one person to blame. Usually breaches happen because of a systematic breakdown of security that involves many different factors, especially in large organizations. It takes a full organization on its own to be committed to security to provide the best chance at avoiding a breach. Here are some key people that help an organization remain secure.
Management
Without a leadership dedicated to data security, an organization does not stand a chance in protecting data. Leadership must devote resources to protecting data, whether it is investing in new cyber technologies, training employees or establishing a company-wide culture of data security. With public breaches to companies like Sony and Target, leaders should understand the ramifications of a breach. If they don’t, it’s up to IT staff to educate them.
IT Department
While management support is paramount, it’s up to the IT staff to keep leaders informed on what they need to secure the company’s data. That may include new technologies or training, along with the authority to make crucial technology decisions in a timely manner. IT staff are on the front lines of information security and should see their role beyond keeping technology working, acting as trusted advisors on all things technology-related for their organization. If the IT staff sees a potential risk, it is their duty to explain the consequences and provide a possible remedy, even if that means bringing in outside expertise.
Employees
Everyone that uses the Internet at work is responsible for data security, including every employee. IT staff needs to train employees to use what is called good “cyber hygiene.” That means doing simple, yet effective things, such as not visiting untrusted websites, not opening email from unknown senders and not downloading company information on personal devices, such as mobile phones.
Many data breaches occur from end-user behavior, but while it may be easy to blame employees for this, they need to be adequately trained to make the right decisions. The U.S. Postal Service performed an interesting test last year. They sent employees a fake email that resembled a standard phishing attack. Any employee that clicked on it or failed to report it to IT had to undergo cyber-security training. By doing this, IT staff ensured that employees received the training they required.
Are You Looking for a Cloud Service Provider in The Bahamas, Caribbean or Latin America?
If you're thinking about switching to a cloud service provider, consider Cloud Carib. Located in Nassau, Bahamas, Cloud Carib is a cutting-edge, cloud service provider that offers private, public, and hybrid cloud solutions. If you're looking for tailored cloud solutions from a reliable provider, call (800) 390-2806 to speak to a cloud specialist.