Moving to the cloud? Bolster data security training for employees


Cloud adoption has accelerated among organizations across myriad sectors. An estimated 80 percent of businesses worldwide are using cloud-based data processing and storage solutions, according to research from RightScale. Additionally, a vast majority of those sitting on the sidelines are actively planning to enter the arena. Despite this widespread embrace of the cloud, chief information officers and other decision-makers maintain serious concerns about the technology, most of which center on data security. While such fears have subsided in recent years, stakeholders continue to struggle with the subject. According to RightScale, security remains the biggest implementation challenge – and for good reason.

Today, cyberattacks are ubiquitous. Hackers carried out more than 42,000 digital strikes last year and orchestrated roughly 1,900 data breaches, Verizon Wireless found. This state of affairs unnerves business owners, some of whom insist on maintaining legacy technology, believing their server rooms to be more secure than the cloud. In reality, cloud service providers offer data security defenses that go far beyond the capabilities of internal information technology teams. With around-the-clock monitoring, device management and encryption services, vendors in the space are more than capable of repelling cyberattacks. However, these firms cannot account for all the variables that determine data security efficacy, most notably, end-user behavior.

Negligent user activities lie at the center of most cyberattacks. More than 80 percent of all hacking-related system intrusions last year involved stolen or weak login credentials, according to Verizon Wireless. Similarly, over half of all documented breaches stemmed from malware-laden email. Cloud vendors do not have the power to dictate how employees use company platforms and therefore can do little to address these issues, apart from reporting problematic user behaviors observable on the backend. Organizations must step in to provide workers with the knowledge they need to safely navigate company servers. Unfortunately, this rarely occurs. In fact, only 45 percent of employees attest to receiving such training, according to research from CompTIA.

Businesses of all stripes should create and maintain robust internal data security awareness programs – especially those exploring the cloud. How? Here are some salient strategies for successfully executing this monumental task.

Identifying and correcting dangerous user behaviors is key to securing cloud-based applications.Identifying and correcting dangerous user behaviors is key to securing cloud-based applications.

Earn executive support and participation
Executive support is essential in any large-scale company initiative. The adoption of new data security training for employees is no different. Project managers must engage with business leaders to design an effective implementation roadmap, Government Technology reported. These figures free up the necessary resources and use their profiles to catalyze employee support.

Of course, executives must do more than make space on the balance sheet and publicly pledge their support for the program – participation among C-suite dwellers is a must. High-ranking members of the organization are most likely to deal directly with sensitive assets and should therefore employ strategies for protecting these pieces of information. However, many IT teams make accommodations for business leaders and hackers realize this, according to Kaspersky Labs. For instance, many target executives as they travel on business, slipping into unsecured hotel internet networks to steal sensitive data. Like employees further down the totem pole, C-level leaders must adhere to strict data security protocols to keep company servers safe. Additionally, their presence will further bolster the legitimacy of the initiative and encourage staff at large to take it seriously.

Work with external resources
While internal IT teams can effectively manage backend systems and support users, most are ill-equipped to facilitate up-to-date data security. New attack vectors materialize daily, meaning that trained professionals who specialize in this area are best suited for this job, ComputerWeekly reported. These experts not only dole out the latest strategies for protecting company assets but also utilize engaging instructional tools that keep employees locked in and ready to learn. There are logistical benefits as well. Data security training programs should ideally unfold over weeks or months – a tough timeline for IT staffers who are already weighed down with their existing responsibilities.

Center the conversation on cooperation, not compliance
When offering guidance on something as important as data security, internal IT teams and external partners tend to emphasize compliance. This strategy makes perfect sense –  encouraging employees to change their behavior is the primary objective. However, such an approach may have the opposite result, as participants bristle at new administrative requirements that complicate their day-to-day workflows.

Reframing the exercise around cooperation often proves more effective, Kaspersky Labs found. By simply illustrating the the impact ineffective data security has on the organization, project leaders can build internal solidarity. Employees are more willing to stick to new guidelines when they understand that breaches affect everyone, from the CEO to the person manning reception. On top of this, preaching cooperation builds a culture of self-awareness in which employees actively police their own behavior and encourage their coworkers to do the same.

“By illustrating the the impact data security has the organization, project leaders can build internal solidarity.”

Focus on subjects that matter
Data security is a vast and ever-growing field due to the simple fact that hackers gain new capabilities every day. With the wealth of seemingly essential available information, companies sometimes design programs that attempt to cover all the bases. This is not a viable strategy. Instead, organizations must focus on data security variables that actually affect operations. What are those exactly?

Last year, Dell connected with more than 2,000 professionals from across the globe to identify and evaluate common enterprise user behaviors. According to this survey, 72 percent expressed a willingness to share confidential information and 45 percent engaged in online activities that were considered “unsafe.” For example, almost half said they used public Wi-Fi to access sensitive company data. More than a third attested to departing past employers with organizational information and approximately 21 percent admitted to losing company-owned devices. Three percent even relayed that they knowingly open malicious emails at work.

Effective data security training programs address problematic behaviors like these, delivering targeted instruction tailored to consequential, widespread trends.

Measure participation
Simply providing focused, engaging instruction is not enough. Enterprises that want to see results must not only deliver training but also monitor employee participation, Government Technology reported. This promotes accountability and encourages cooperation, as the training becomes a trackable task rather than some undocumented throwaway activity. Companies should also work with employees to assess their online behavior over time. This facilitates future growth and improves program efficacy.

Organizations on the verge of adopting exciting new technology like the cloud must take steps to ensure safe usage within the workplace and developing and deploying employee data security training is one of those key practices.

Is your business considering making the move to the cloud? Connect with TelcoSolutions. We offer enterprise-grade cloud computing services via our industry-leading service partners. Contact us today to learn more.