“Careless talk costs lives” was one of the slogans on posters displayed during the Second World War. It was a warning to people to avoid discussing confidential matters in public places, where spies could eavesdrop on vital secrets. Many people also know the saying “wall have ears”. Yet in enterprises and other organizations, too few employees make the connection between that maxim and the need to improve precautions in the way they handle information at work. When data breaches or intellectual property theft has occurred, the problem was often that employees were simply unaware of the need to be more careful.
This is one case where perception is not reality. Research from IT security vendor Clearswift suggests that almost three-quarters of employees in the US think their company provides enough training on how to safeguard confidential information. Yet other findings by Clearswift include an observation that about two thirds of employees do not realise the negative impact that the loss of crucial business information could have on their enterprise. Add in the statistic that access to intellectual property is granted to over half of all employees in the US, and it becomes clear that perceived safety is in fact real risk.
One of the challenges is to change the mindset of employees and to inculcate security-conscious behaviour to protect sensitive information. Another, however, is to help employees recognise what such sensitive information is in the first place. Recent high-profile cases of data theft have raised awareness about the need to protect customer, patient and employee personal information. However, employees still frequently ignore the value of intellectual property, leaving their enterprises exposed to the risk of leaks of IP to third parties. Only training and awareness campaigns (with posters, why not?) can help bring the levels of information security up to where they should be.