Security technology has helped make information much more secure. Organizations have invested in firewalls, antivirus hardware and software, SPAM filters, Smart Cards, and other such technologies. Additionally, most organizations now have sound data protection policies and procedures in place for dealing with sensitive and business critical information. But even though the technology works, and the data protection policies and procedures are in place, the number and severity of information security breaches are only getting worse.
The missing piece of the equation, as always, is people. In one form or another, human error - not technical malfunction or inadequate business policies - is the most significant risk to protecting data. Based on the 2007 study from the IT Policy Compliance Group, human error is responsible for almost 76% of all data loss.
The human element is typically one of the weakest links in the data protection triangle of technology, business policy, and user awareness and training. While there has been great attention given to protecting data from external threats, evidence shows that it’s the authorized – yet unaware and unversed user – that currently poses the greatest risk to data protection. An effective security awareness and training initiative will address one of the highest risks you face in data protection today – the human element.
Why has the human element become one of the biggest risk factors facing data protection today? The answer: the industry has just done a better job of implementing security technology and aggressively pursuing good data protection policies and practices. But we often neglect to remember that it’s humans who have to use technology, implement the policies, and carry out the procedures. It shouldn’t be a surprise that human behavior, one of the hardest issues to deal with, is now at the forefront of risk.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment