4 Basic Steps to a Data Security Culture
Data breaches pose a significant threat to organisations today, with cyberattacks having increased notably in recent years.
While technical solutions are vital, many data breaches are caused by careless individuals within the organisation, either through not carrying out basic tasks to keep data secure or through not following through on the actions required to prevent bad actors from accessing systems.
This underscores a key point from my book Culture Fix: people's behaviour will ultimately define how safe your information is. Making data security a priority within the strategy from the outset ensures necessary investment, but fostering a culture where security is embedded in daily actions is paramount.
The compromise of the Indian government's Aadhaar system, which exposed data for nearly a billion people, demonstrated how vulnerable vast datasets can be, not to mention the recent breaches at Marks & Spencer, the Co-op and Harrods. Cybercriminals are constantly looking for ways to gain access.
Building a multi-layered defence requires awareness and collaboration across the culture. However, here are four basic things everyone within the culture can do to contribute to data safety:
1. Create strong, unique passwords that are hard to figure out, and crucially, do not write them down near your computer.
2. Be vigilant; look out for anything that seems electronically suspicious (this includes the IT Helpdesk!). Do not open emails with dodgy titles or from unknown senders, and never open their attachments.
3. Keep all software updated so that the latest security updates and features are being applied.
4. If working remotely, know how to secure data when out of the office. Avoid taking sensitive information out on portable devices and always be mindful of who's around you.
Beyond these individual actions, organisations should avoid generic user accounts, regularly check user credentials (what people are allowed access to), and close user accounts promptly when people leave.
Ultimately, securing data isn't just about firewalls and policies; it requires a collective commitment and discipline. By embedding security-conscious behaviours into the cultural fabric (the 'way we do things around here') organisations can significantly enhance their defence against threats and ensure that they don’t expose their customers' data or their data security ineptitude to the outside world.