The laptops, which were not secured by cable locks, locked away securely or encrypted, contained personal details, including names, addresses, national insurance numbers and salary details of around 1,000 staff.
Iain McLeod, Head of Compliance at SAI Global EMEA said: “Organisations have a responsibility to ensure that their employees understand the importance of information security both in and outside of the workplace. Appropriate training will ensure that staff are not only aware of the risks, but help them to understand the role they play in helping to protect sensitive data. Without adequate training employees will continue to make mistakes, and sensitive data will make its way into the wrong hands.”
The quality of information security and data protection training is a key issue for organisations. Paula Davis, Head of Client Services at SAI Global Compliance added: “Time and again we see organisations tackling training in the wrong way. Employees need to be engaged in information security and data protection issues, given practical examples and scenarios that apply to their own jobs, and shown how they can make a real difference. This will motivate employees to make positive changes. Simply communicating or providing access to key data protection and information security policies, whether it be via handbooks or elearning, is a wasted opportunity. Organisations need to be more innovative in their approach to training if they want to instill best practice in the minds of their employees.”
A free whitepaper, providing guidance to organisations on: ‘How to Make Security Awareness Training Truly Effective’, is now available to download for free at the SAI Global website: http://www.saiglobal.com/
# # #
About SAI Global Compliance
With offices in more than 25 countries and on 4 continents, SAI Global provides legal, compliance and risk management professionals with a broad range of technology enabled programs and consulting services that facilitate good governance and awareness of compliance, ethics and policy issues. This includes risk and culture assessments;