Before the 2013 ISSA International Conference, SearchCompliance Site Editor Ben Cole asked speaker and Providence Health & Services CISO Eric Cowperthwaite to explain the primary sources of top information security threats for modern organizations: "The reality today is the vast majority of employees have some way to be mobile, whether it's on laptops the company provides, or their smartphone, or logging in via VPN and computing from...
anywhere," Cowperthwaite said. "That's a huge area of concern."
During May's SearchCompliance #GRCchat, participants took to the Twitter-sphere to discuss the best methods for minimizing business ramifications of security breaches -- especially as employees are increasingly mobile. Tweet jam expert and former Federal Communications Commission CIO Robert Naylor chimed in throughout the Twitter discussion to share his perspective and offer advice:
Q3 Employees play the most important role! They are usually the easiest point of entry for malware, APT’s, and Botnets. #GRCchat— Robert Naylor (@rbnaylor) May 15, 2014
Ben Cole agreed:
A3 (cont) they must understand the vulnerabilities of the data they are responsible for, and what they can do to protect it #GRCChat— Ben Cole (@BenjaminCole11) May 15, 2014
As big data, mobility, the cloud and innovative consumer technologies work their way into business processes, they cause a breadth of new security issues for IT professionals. Cole and #GRCchat participant Brian Fanzo sounded off:
A4 More data/more places= more security headaches. Plus biz need to figure out how to separate corporate and personal mobile data #GRCChat— Ben Cole (@BenjaminCole11) May 15, 2014
Employees and internal customers play a chief role in data breach prevention, but simple, one-time training sessions won't remedy the issue.
SearchCompliance asked tweet jam participants to speak to this in the past. During our February #GRCchat, we asked, "What information management practices must be included in a mobile device policy to assure proper data security and to prevent breaches?" Tweet jammers suggested companies consider remote wipe control, info management policies for new tech, and frequent data confidentiality reminders for employees.
Robert Naylor's secret sauce? Creative -- and frequent -- training to prevent information security breaches:
Q3 I would deploy as many different and interesting types of training possible to ALL employees! #GRCchat— Robert Naylor (@rbnaylor) May 15, 2014
Q3 I liked a system pop-up quiz on cyber security each time someone logs into their computer and upon return from a locked screen. #GRCchat— Robert Naylor (@rbnaylor) May 15, 2014
Aside from educating employees on how to prevent security breaches, it is important that organizations -- especially those of enterprise capacity -- have leadership in place to enforce security programs and lead by example.
Join the discussion by adding your two cents here, or by using the #GRCchat hashtag on Twitter.
For more coverage of this month's #GRCchat, follow @ITCompliance on Twitter and read our recaps on developing a risk profile and preventing financial gaps. Our next tweet jam is scheduled for June 19 at 12 p.m. EST (topic TBA). We hope to "see" you there!