The Human Element
You’ve just invested in some new infrastructure and security features to lock down your firm’s data. Your IT guy has assured you that your security’s covered. But one risk, the largest risk to any business, has been left unaddressed: the human risk.
Human error is an unbelievably broad term that covers a myriad of different breach scenarios. It could be something as simple as losing a laptop, sending an email with confidential data to the wrong John, or inadvertently typing a password into a fake website.
The problem is that people prioritise their deadlines for the day and leave security to the IT guys.
Team Training and Policies
It’s vitally important that the human risk is managed on two fronts, by implementing training and policies together. First you train your team on how they should act, and then you get them to agree to follow that behavior.
Also, to manage your firm’s exposure and keep a PI claim valid, you need to demonstrate that you have put standards in place around how passwords are managed.
An example would be the four steps discussed so far in this series. You’ve trained your team by sharing this information with them. Now it’s time to implement a policy to say that they need to do this. For example:
- All company passwords that are not stored in Practice Protect must be a minimum of 16 characters long.
- The Downloads folder on any company computer must be set to clear old files after 14 days.
- No company passwords are allowed to be saved in web browsers.
- Emails should be auto-archived after six months and filed in the secure company storage location.
Let’s face it, if you haven’t told your team not to do something stupid and they do it, you don’t have much ground to stand on if that action leads to a breach.
The point of implementing policies is to ensure that everyone is accountable for their actions, and to allow your firm to drive the kind of behavior that you want followed.
As part of Practice Protect’s complete Cyber Security Platform, we have a package of legal policy documents and weekly training webinars, which we make available to all our clients. If you want more information about this, you can book in a time for a consultation here.