What is Data Hygiene?
Companies are increasing their awareness of cyber security with 91% of those surveyed by the Institute of Directors in December 2015 saying that cyber security was important to their organisation*.
Conversations are now being held at board level, although the cyber security budget is likely still to remain with the company’s IT team. Those IT teams are sensibly protecting the business by spending money on firewalls, anti-virus software and other preventative tools. Yet there is another element to keeping a company’s information safe, which in some cases is being overlooked, and that is the people within that company and their practice of data hygiene. So, what is data hygiene?
If it is true, as suggested by experts in this field, that 84% of data breaches are related to malicious activity or down to an error made by an employee, then effort must also go into educating staff on the importance of cyber security and the penalties of breaching it. In most organisations this does not sit comfortably with the IT team but with the Human Resources department and their training budget. In the same way as the company’s anti-virus software is regularly updated (according to the configuration set by the IT team upon receiving new versions from the company’s chosen provider), this training needs to happen regularly and as new threats materialise.
The risk remains though that the company is attacked with a new criminal technique to steal or interfere with data before the update, whether through software or training, is implemented. Whilst software is limited by code, human beings are not. Such attempts can be blocked by some careful thinking, which is increasingly being referred to as digital hygiene. Digital hygiene is a matter of thinking about data security with no distinction whether it is in one’s personal or business life, in the same way that most of us shower daily whether we are going into work or not.
It means that individuals need to think about digital security in the same way as they do about their physical security. Car keys would not be left lying around for all and sundry to use, and passwords should remain private too. In the same way that people seek to secure belongings at home by using an intruder alarm, they should keep any PC equipment and mobile devices regularly updated to prevent digital theft. Most of us may think carefully about leaving valuables on display to prevent our car being broken into, but too few use the same kind of thought pattern to stop personal information -valuable when it comes to identity fraud or social engineering- being displayed on line. It is about accepting that the company or the bank is not to blame if one does something foolish, and although there is sympathy for those who are digitally mugged, patience is running thin for individuals and companies who do not take the most basic measures to protect themselves. The recent comments by Bernard Hogan Howe, the Metropolitan police commissioner concerning online fraud victims, though ill-judged, have come from this frustration**.
Customers will not use organisations who they feel are careless with their data. So it is in the best interest of companies to not only protect themselves with software but to also encourage a mindset of data hygiene within their staff. There are benefits from this approach for the staff members themselves, who will also be consumers outside of work, and being able to transact business online safely helps the economy and wider society. So we all need to think before we click.
Use our guidelines for new staff data security training to help instill good data hygiene practices.
*IoD Policy Report March 2016 – Cyber Security: Underpinning the digital economy
** http://www.bbc.co.uk/news/business-35890028