Affordable | Achievable | Relevant
A 2014 PWC survey reported that 84% of data breaches were caused by internal users. Some 99% of those incidents were accidental with the remaining (and fortunately rare) incidents being malicious.
Whilst in today's world we have to accept that there are no guarantees and if an intelligence Service or a 15 year old super hacker want to get in they will, we can do something to mimimise the chance of accidental breach.
With significant penalties for negligence introduced to the Data Protection Act and clients increasingly requiring assurances over the protection of their data, as an absolute minimum user education should be at the top of every firms learning agenda. For a relatively small outlay huge savings both in terms of penalties and perhaps more importantly reputation can be saved.
A good information security awareness program is not just an annual Powerpoint. It should be a well planned year long calendar of varied communications that keep users engaged, interested and up to date with the firm's policies, current cyber attack activity and latest developments.
The key reasons for a good education program are
Reduce risk of data breach
Assist with InfoSec accreditation
Strong message to clients
Cyber Insurance discount
Mitigate potential breach penalties
Objective: To help your staff fully understand the ProSec2 standard and advise others as to how accreditation can be acheived.
The ProSec2 User Awareness Program comprises of the following components FREE of charge as part of the overall package.
User Awareness Survey
We recommend that the 20 question survey is completed by a selection of the user population both prior to and post the User Awareness program as this will act as a key indicator to progress.
User Awareness slide deck
A 24 Slide presentation aimed at users to help deliver key information security messages.
User Awareness Program Execution Plan
An example Project Plan for mapping out all aspects of the User Awareness Program including:
Quarterly Executive Briefings
Key Dates and Milestones
User Awareness example communications
Example emails for the various stages of a communications plan
User Awareness example roadmap
A graphical calendar style roadmap suggesting months and weeks to deliver key InfoSec messages
Want to become an accredited ProSec2 Advisor?
Contact us for details
All PortCullis packages come complete with 10 fully editable Information Security Policy Templates
The single biggest reason for data breach is user error
The best form of defence is education