Avoid ‘check-the-box compliance’ when it comes to cybersecurity

The need to educate employees about cyber risk management is more important than having a compliance program in place, according to one expert

With the workplace becoming more digitized, two recent reports showed the need for more companies to invest in training employees in data security.

Wells Fargo Insurance released a report that said only 7% of companies in North America believed that “their employees’ misuse of technology posed a potential threat”, said Mary Kathryn Curry in The National Law Review.

Another report released by the Ponemon Institute, an independent research firm measuring privacy, data protection, and information security policies, found that over the course of a year, 874 insider incidents of data breach were tallied.

“[Of those], 65% were caused by employee negligence, 22% by malicious employees or criminals, and about 10% by imposter fraud,” said Curry, adding that the negligence cost the company more than US$200,000 per incident and roughly US$3 million annually.

“Companies perceive insider threats as mostly driven by malicious employees, but the fact is that a significant portion of the risk is due to insider carelessness.”

Curry noted that the Ponemon report claimed that “training programs … companies have are just not very good. They are really focused on check-the-box compliance requirements to show everyone that [the] company [has] training on data protection” while Wells Fargo Insurance emphasised the need to educate employees about cyber risk management.

Apart from re-evaluating their training programs, the Ponemon report also recommended the use of user behaviour analytics to track, collect, and assess user data and activities online.

“The recommendation is to focus on visibility and transparency – not on stringent controls – and to build ‘a layered defense that delivers a comprehensive range of capabilities across visibility, detection, context, and rapid response,’” said Curry.
