We recently conducted a project focused on confidential data security [enterprisestrategygroup.com] that will be published soon. However, here are some interesting advance results that support this venerable security dictum. ESG asked 308 North American and European security professionals from large organizations (i.e., 1,000 employees or more) a number of questions about data security risks, policies, and technology safeguards. When asked to define the most important measures for protecting confidential data, nearly half of all respondents said, “communicating and training users on confidential data security policies.” This was the top response, followed by “physical security” and “access controls for private data.”
Now here’s the scary part. When asked to rate their organization’s performance with regard to “communicating and training users on confidential data security policies,” more than one-fourth of security professionals gave their organization a rating of either “fair” or “poor.” In other words, many organizations aren’t doing a good job in the most important aspect related to data privacy and security: communicating and training employees. Yikes!