Here’s probably what should be a well-known – if highly ironic – strategy when it comes to protecting trucking’s information technology (IT) systems from data breaches and hack attacks: you need detailed and repeated employee training.
Yep, the best data defense is once again the human beings who use IT systems every day, in every way, to perform their freight-related tasks.
One reason may be because U.S. companies are not prioritizing employee training in their fight against fraud and data breaches – at least according to the 2016 Shred-it Security Tracker survey conducted by Ipsos.
That poll found (among other things) that 78% of U.S. small business owners and over half (51%) of “C-Suite” respondents (read as: the chief executives) said they only conduct employee training on their company's information security procedures once a year – or less.
Furthermore, 28% of U.S. small business owners report they have never trained employees on how to comply with legal requirements or company information security procedures, with 22% admitting that they only conduct training on an ad-hoc basis, noted Andrew Lenardon, the global director for information security firm Shred-it, in this report.
"Successful [information security] programs focus on building organizational knowledge and capacity on the right way to manage, store and destroy physical and digital data,” he explained. “Without good training repeated throughout the year, employees can unintentionally expose their organizations to serious risks including reputational damage, theft, fraud and data loss."
Lenardon pointed out that experts suggest employees may forget 50% of training information within one hour of a presentation, with 70% forgetting within 24 hours and an average of 90% within a week. That’s why regular and repeated IT security training is a necessity.
“When you consider this, it is clear that training once a year or on an ad-hoc basis is not sufficient to ensure information security policies and procedures are being followed,” he stressed. "Repetition and frequency are the keys to helping employees understand their roles and responsibilities around data management.”
Lenardon offered up five security tips developed by Shed-It to help employee training when it comes to beefing up their information insecurity skills:.
- Commit to a “culture” of security: When management demonstrates a commitment to information security, employees are more likely to follow suit. If managers behave in a way that undermines security policies and procedures, employees won't take them seriously either.
- Repetition and frequency are the keys: Training should occur throughout the year and include various modules on organizational information security policies. Consider a "multichannel" approach utilizing a mix of in-person and digitally-delivered video training content to ensure employees are aware of how to handle and dispose of confidential information.
- Out of sight, out of mind: Place visual cues throughout the workplace to remind employees of their responsibilities in protecting confidential information, targeting common workplace errors and areas that can increase the risk of a data breach.
- Go where your employees are: A growing number of employees are now working outside of the traditional office environment (and that’s before we even get to truck drivers and their time on the road). Ensure training addresses the safe destruction of confidential information for both office and remote workers. Provide constant yet short reminders about different aspects of information security that employees can access anywhere, regardless of their location. Keeping it short also helps make it more digestible.
- Embed it: Make security best practices a seamless part of daily tasks, such as requiring all paper documents be destroyed when they're no longer needed, along with a “Clean Desk” policy, which encourages employees to clear their desks and lock documents in a filing cabinet or storage unit when they leave their workstation at the end of each day. (For truck drivers on the road, keep that paperwork off the passenger seat!)
“When all employees understand how to manage and identify privacy risks, business leaders are in a better position to protect their customers, their reputation and their people,” Lenardon noted.
Good advice any way you slice and dice it.