Key Management Refresher: The Importance of Education
For any organization managing encryption keys, the process of creating, maintaining, and improving a key management system can seem a frustrating or even impossible task. These feelings of frustration often stem from a few prominent mistakes that frequently occur. Beyond simple annoyance with an inefficient system, key management mistakes can have a far more damaging effect: data breaches. Fortunately, these mistakes are easily preventable with some instruction. In our whitepaper, Ten Key Management Mistakes…And How to Avoid Them, we discuss ten actions that can make or break a key management system.
A recent study titled “Security Awareness Training: It’s Not Just for Compliance” has revealed that 56% of corporate employees have never received security or policy awareness training from their organizations. This means that more than half of employees are doing their jobs without fully understanding the security risks they could be causing. Is it any wonder that 35% of global data breaches are caused by a negligent employee or contractor? That’s what the Ponemon 2013 Cost of a Data Breach Study has stated, along with the sobering fact that a single breached record in the US costs an average of $188. Multiply that number by an average of 23,647 breached records per organization, and you’ll soon realize just how much a lack of employee education can cost.
When implementing a data security educational system into an IT infrastructure, there are a few tips to keep in mind:
- Make it engaging: Don’t just send out a memo saying “You must now do these things that will likely add on to your workload.” Try out a “Lunch-and-Learn” system in which employees actually want to attend, instead of resentfully feel obligated. Rather than make the Lunch-and-Learn a lecture, turn it into more of an interactive event. The more your employees are engaged in the presentation, the more likely they will be to remember and follow the steps learned.
- Make it relevant: Employees are much more likely to follow data security policies if they understand why those policies are in place. Let them know what is at stake and how their actions can realistically impact the organization.
- Make it consistent: Go into training sessions with a set plan. No employee is going to take data security policies seriously if their training is followed the next day by a memo stating “Never mind. Do this instead.”
Remember that data security education is relevant not only to employees; stakeholders can make or break the strength of an IT infrastructure. Keeping stakeholders informed about issues such as compliance mandates, current resources allocated to data security, plans for the future, and the problems faced by your unique system will make stakeholders far more likely to advocate for stronger data security.
Want to know more about key management best practices? Head over to the resource library to download our whitepaper or contact us today.