Training plays a crucial role in financial firms’ data security
By Stuart Janicki • 27 Jun 2013
Let’s be honest, data security isn’t the most pressing concern for the majority of a firm’s staff. With so many industry regulations, it is easy to see how data security can seem far removed, or be seen as just another thing to learn.
As we’ve discussed previously, it is the role of senior management to change this perception. They need to realise the impact a data breach could have on a firm. Nobody wants to face a financial penalty, lose customers or see their reputation in ruins.
It is therefore surprising to discover the results of an FCA investigation into the data security training of 39 firms. 17 of these firms offered zero training. Nine required staff to read the data security policy and certify that they had done so, but did not follow up with testing. The rest offered formal training, with ten repeating this training at least once a year. Most firms did not test their employees’ understanding of the data security policy.
Training your staff does not have to be difficult or complex. It is important to relate data security risks to tangible consequences and to the need for preventative measures, which will hopefully become the modus operandi for all the firm’s staff.
Staff should receive innovative training and awareness campaigns. These should focus on the financial penalties that can be enforced as a result of any data breach. Staff should also be reminded about the legal and regulatory requirements to protect customer data, such as the Data Protection Act 1998.
As previously mentioned, the highly sensitive nature of the customer details that are collected means firms have to pay special attention to data security. A serious identity fraudster can make a masterpiece from a few spots of paint. This is the message that you need to convey to staff, getting them to understand that any data they handle, however small or seemingly insignificant, is worth protecting.
Creating day-to-day awareness is crucial. Your data security policy should be simple to understand and easy for staff to take away. Whether you give staff an elevator pitch, create posters, wallpapers or screensavers, they should be able to discuss data security policies and encourage others to take responsibility.
Finally, you can test staff on a regular basis. This enables you to gauge their knowledge of the subject, and also gives them an opportunity to give feedback on any concerns they have.
Data security is important and you should engage your staff at every level.