Data security training has a place in the public sector - but is it enough?5 min read
91% of IT leaders in the public sector agree that there is always a place for data security training for employees. This is what they told us in our global study of more than 6000 employees into secure communications.
And we agree. Indeed, there is always a place for employee training. IT and data security are important topics and many employees are still unaware of risks and how to manage sensitive information. However, it does provoke the question; is security training enough? Can you train your employees to behave compliantly and securely 100% of the time? And, regardless of whether it is possible, is this the best approach?
How to avoid data leaks in the public sector
Let's see where things go wrong. What are the most common areas of risk in the public sector? We know from reports to data protection authorities that employee behaviour is an important factor in causing unauthorized access to systems by third parties, or causing data breaches. Communication processes play a very important role in this. From responding to (spear) phishing emails and clicking on malicious links and opening files containing malware attacks, to incorrectly addressing emails containing sensitive content. And IT leaders agree; in fact 45% in the public sector see data breaches due to employee errors in email communication as a very high risk.
Employees have important jobs to focus on
If you see employees as risks that need to be managed, you may also maintain that properly and continuously trained employees can become experts in the field of security and prevention. The reality is that 99% of employees in the public sector are hired to be experts in their specific operational field; they have to assess permits, draw up policies, manage employees and generally serve the public interest. IT security is not their responsibility to bear.
Simply put, employees have important work to do and it deserves their full focus - yet many employees are increasingly finding it difficult to focus on the day to day role they were hired to do. Increasing numbers of collaboration platforms and working methods are distracting. The risks of errors in online communications increase pressure on employees.
Having to follow a multitude of security and compliance training courses is even more distracting. Well-intentioned 'phishing simulations' even give employees the feeling that they are constantly a target of their own organization. As a result, they pay their actual work less attention as they second guess their every move.
Training lays the foundation
IT leaders in the public sector have the responsibility to deploy security and awareness training in a targeted manner. Training lays an important foundation. It should inform employees about risks, impact and common causes. Knowledge is essential for the best assessment of any situation and the best way to act.
Smart technology enables employees to work safely, effortlessly
Progressive IT leaders who want to give their employees the freedom to focus on their work provide smart technology that supplements the effect of training in an effective and efficient manner. This smart technology empowers employees by recognizing potentially risky situations and enabling employees to work safely, effortlessly.
Compare it to the navigation in the car that, taking into account road closures and traffic jams, continuously supports you to make the smartest choices - to get from A to B as quickly as possible.
Smart technology recognizes the leading causes of data breaches, including sensitive content in the body or attachment of an email, and automatically ensures the correct classification, encryption and authentication of recipients. Smart technology ensures that employees can confidently use their address book and 'autocomplete' functionality by checking whether or not sensitive information appears to be sent to the correct recipient. Before sending, smart technology checks with the employee whether it is indeed the intention to send highly sensitive data (such as a citizen service or National Insurance numbers), and supports awareness, risk recognition and automates actions that are not part of an employee's core role.
Development and adoption of smarter security software must accelerate
While driving a car can be dangerous, we are not obliged to take refresher courses every few months. We use the knowledge we learned during theory training and practice and continue to develop our skills with experience. But smart technology is prevalent even in our cars - navigation, cruise control, traffic sign recognition and parking sensors; while training laid the foundation, smart technology gives us focus and comfort.
More than half (53%) of public sector IT leaders say that deploying smart security technology is the essence of progressive risk management. That percentage must move towards 100% in the coming years through the development and adoption of ever smarter software. This supercharges security and awareness training, ensuring employees get what they deserve - the freedom to focus on their own work.
Last updated - 06/12/22