Do Your Employees Understand the Value of Information?

Do Your Employees Understand the Value of Information?

When protecting your organisation's highly important assets, this is often amongst one of the most vital questions to ask yourself.

When we deploy a customized information security awareness campaign for a client, our main aim is to create a mentality within which workers come to respect and defend the data they work with. To realize this, it's imperative that workers totally understand the worth of that information.

A Failing to grasp the worth of data may be a large reason for many information security breaches. for instance, it can be the main the reason why sensitive data lands up in wastepaper baskets or recycling boxes, that can afterwards expose the data to 'dumpster diving' which is the practice of looking through company bins for helpful rival intelligence that can be used to harm a business.

Failing to grasp this worth of data has in turn led to a number of the high profile 'laptop left on a train' incidents, where workers are travelling with sensitive data on their hard drives that has not been properly encrypted for transport.

A Failure to grasp the worth of data will even cause some workers to talk themselves into doing things they have been previously warned can be dangerous practice, like connecting to an unsecure building Wi-Fi to look at emails. We have at times all been tempted to try these things as a result of the convenience they provide. What prevents us is the knowledge and understanding about how valuable the emails we receive and are distributing are - all of which might be intercepted on an unsecure wireless connection.

Communicating worth to your employees

The value of data is generally best highlighted through a transparent information classification theme. For instance, let us use the conventional headings of 'public', 'internal' and 'confidential' data. One of the foremost effective ways of communication of worth to your employees is to contemplate all of the data types within your organisation and categorise them below these headings. With this turn this idea into a transparent communication that enables workers to envision precisely which information varieties ought to be thought-about under each of these classification structures. These can be coupled with fun and engagin practices to help instil these ideologies into your workers minds.

Make classification an obligatory practice

Making classification of all of your documents and data obligatory will in addition help you to insert this thought pattern of value into the minds of your workers. A classification system should be appointed to each and every new piece of data that workers generate. At the same time every bit of data that your workers receive should be checked inline with this classification system. If data is forwarded that does not conform to this classification system, then the data should be sent back to the creator for proper classification this practice over time can eventually cause this idea of conforming to the classification system procedure to become a habit.

Protecting confidential information: should you use a Carrot or stick approach?

For most organisations, if an employee happens to accidentally or deliberately reveal confidential information this can lead to disciplinary action. Ensure that you state this procedure as part of an awareness campaign and this can help increase the sense of worth of data and will generally be effective in helping your cause.

However, you must consider that some of the most effective internal communications campaigns will be successful by finding a way of orientating the objectives and needs of the worker with the objectives and needs of the organisation. A simpler technique is to make the worker realise value of protecting data whilst at work. There are several messages which will be used, like building the employee's perception of their contribution to organisation success, and the need to protect the integrity of this accomplishment. You can conjointly communicate how devastating an information breach can often be - for instance, through lost revenue or a fine from the information Commissioner's office. A data breach may even cause enough lost competitive advantage that an organisation is no longer able to operate at a similar size it had been. This associates the concept of data security with job security.

Very confidential?

Incidentally, I'm usually asked whether or not it's sensible practice to possess totally different levels of confidential information - for instance, confidential and 'highly confidential' or 'very confidential'. From a communications perspective, it's worth noting that this kind of practice are often damaging if it isn't planned and communicated clearly. For instance, workers will become confused regarding why some items of data are more confidential than others. There is conjointly a danger of weakening the perceived importance of the lower level of confidentiality. My recommendation is to continually be clear regarding whether or not the classifications are distribution list-specific (i.e. who will access the information) or handling procedure-specific (i.e. how data should be handled), or a mixture of each.

Article 10 asset security are focused on helping you increase and maintain your information security, with dedicated Information Security Training article 10 can help your employees understand the value of information.

Article Source: http://EzineArticles.com/expert/Sadie_Hawkins/1227282

Article Source: http://EzineArticles.com/7751495

_(By Sadie Hawkins).