If your teams can’t tell you much about their privacy and IT security obligations, the answer is no. Privacy and security obligations involve considerably more than just knowing what phishing is.
There are so many things you can do to increase your return on investment and mitigate your risk that this could be a very long newsletter… but I’ll keep it to 3 points today:
1. Deliver small group training to up-skill those where the risk is greatest
Obviously, anyone handling sensitive information needs more in-depth training than someone who isn’t handling that category of information. I’m referring here to the categories of sensitive information, which include health information, under Federal privacy legislation.
We recommend also including staff handling information concerning children or other vulnerable people. Your finance staff are also a target for cybercrime, as are staff supporting senior leaders or the Board, i.e. Chief of Staff or Executive Assistants.
So, make additional and tailored training available to those groups where they can interact with the trainer, listen to relevant scenarios, and ask questions.
2. Actually promote your privacy and IT security training internally, and reward interest and knowledge
Promote recognition, within your teams, for privacy and IT security training completed. Consider developing levels of knowledge and training for specific levels.
At the commencement of meetings, ask for examples of instances where staff have handled a privacy or security issue and/or uncovered a risk.
People want to be recognised for capability and competence, and privacy and IT security are critical to every organisation. So, instead of viewing and promoting the training solely as a “compliance” requirement, use an approach which is a win-win for everyone.
3. Ensure your staff have someone to speak to when they’re unsure about a privacy or security risk
We don’t know many people who wouldn’t prefer, any day, getting a quick answer by speaking to a real person over being told to fill in a form and wait for a written answer at a later time.
Privacy and IT security are complex topics, so if you want people in your organisation to help mitigate risk, help them by providing accessible answers when they reach out.
This type of support can be included as part of your “training” investment as it builds internal capability. We also acknowledge that many privacy and cyber teams are under-resourced and the fact is, this has to change. Just like increasing your ROI on training, organisations need to be creative now about the best ways to increase the size of privacy and cyber teams. (See future newsletters for some of those tips!)
Contact us on 1300 264 946 to discuss the ways we can help your organisation to lift privacy and security capability.