Cyber Security Awareness Needs To Last Beyond October

The U.S. Department of Homeland Security (DHS) has designated October as National Cyber Security Awareness Month. But as we leave October, remember that data security is an ongoing challenge that requires continued vigilance not just against information system hacking, but also against employee error and other threats. Setting up a comprehensive training and awareness program is critical – and this outline can help you continue keeping your organization aware of cyber security throughout the year.

DHS’ purpose is to engage and educate public and private sectors through events and initiatives that raise awareness about cybersecurity, make certain tools and resources available, and increase our resiliency in the event of a cyber incident. This is a great effort and DHS collects helpful information and a number of resources for visitors to its site. But by selecting October to draw attention to cyber security, surely DHS did not intend that October be the only month that we think about this important area.

Earlier this year, the FBI reported a significant increase in ransomware attacks. Late last year, the Wall Street Journal reported on a survey by the Association of Corporate Counsel (“ACC”) that found “employee error” is the most common reason for a data breach. Training and creating awareness to deal with these continued and growing risks is critical. In fact, for many organizations, doing so will help satisfy legal requirements for securing data. And, it is a mistake to believe that only organizations in certain industries like healthcare, financial services, retail, education and other regulated sectors have obligations to train employees about data security. A growing body of law coupled with the vast amounts of data most organizations maintain should prompt all organizations to assess their data privacy and security risks, and implement appropriate awareness and training programs.

Here are some questions to ask when setting up your own program, which are briefly discussed in the FBI report above:

  • Who should design and implement the program?

  • Who should be trained?

  • Who should conduct the training?

  • What should the training cover?

  • How often should training be provided to build awareness?

  • How should training be delivered?

  • Do we need to document the training?

No system is perfect, however, and even a good training and awareness program will not prevent data incidents from occurring. But in the absence of such a program, the question you will have to answer for your organization likely will not be why the organization did not have a system in place to prevent all breaches. Instead, the question will be whether the organization had safeguards that were compliant and reasonable under the circumstances.

Jackson Lewis P.C. © 2016

Published by

National Law Forum
