As strong as its weakest link

It is becoming increasingly evident how vulnerable organizations are, and how vulnerable today’s society is as a whole. The impact and consequences of the various risks should be transparent, and security awareness is extremely important for that. Every employee at every level of the organization should be aware of this importance, and should understand and act on their own individual security responsibilities. Even if the security of a company is perfectly organized, it is only as strong as its weakest link.

Changing Society

If you look at the enormous speed of the changes we are currently dealing with, technical security is often no longer able to keep up. The digital era requires a high level of control. These issues already existed in the “paper-based world” as well, but were not given attention by the media. All of this gives your organization no other choice than to anticipate these security developments, together with all the employees!

Creating awareness of the essence of security across the entire organization can often be challenging. Frequently heard statements are: “Creating awareness is not necessary at all, we already know our responsibilities” and “We do not have time for this!” Another thought is that these sorts of tasks belong only to the system administrator or security officer. That is the moment where problems could arise: for instance, clicking on a wrong link, indiscriminately approving a notification, or keeping information in the wrong place and/or destroying it in an incorrect way. These matters could all lead to increased security risks for valuable information, with all the consequences that entails.

The human being as a risk factor

The statements quoted above often result from ignorance. The human being as a risk factor has been a neglected theme since the ’80s, while in fact the human being causes the most incidents! Certain actions cannot always be blamed on the employees themselves. As long as they are not aware of the dangers, you cannot expect them to act accordingly. Every single employee should be made aware of the potential dangers and consequences of the actions they perform at work. Sharing this knowledge is essential for the quality of security.

In recent years, much attention has been given to programs that focus on creating awareness in organizations. Although that is a positive thing, just giving a training is not sufficient. The reason why is what matters! Is the reason just to comply with certain standards? Then we completely miss the goal. As long as people do not have the idea that it will also benefit them, I dare say that an awareness training will not work.

Awareness through personal involvement

I, Maurice Sanders, Information Security Officer, am convinced that increased security awareness could be realized through personal involvement. This should be the common approach during a training. Awareness should go further than the working environment; it should be extended to personal areas. You will only influence the behavior of employees if you have made clear what the dangers and consequences are. They will then automatically apply it in their personal and working environments.

