Pentura has launched an informative e-learning portal to help businesses educate their staff on the importance of best practice in data security, and the key role they have in avoiding data breaches.
The portal, LearnwithPentura, features eight e-learning modules covering data security and computing best practice in compliance with ISO27001, the information security standard, and ISO27002, the Code of Practice which sets out that security issues should be addressed at employee level. The modules cover the use of removable media, responsible email usage, anti-phishing awareness, physical security, use of the web and social media, data classification, secure remote working, and an introduction to Data Loss Prevention (DLP). An example module can be viewed for free at: http://www.pentura.com/learning/index.php
LearnwithPentura enables businesses to manage the rollout of e-learning to all employees and any relevant third parties. It provides supporting e-learning for all levels of user, from new starters to internal migrations, to leavers. It gives a secure platform for users to access the materials with a unique username and password, with a test at the end of each module to gauge users’ understanding. It also features reporting on which modules have been completed by employees, and if any further training is required based on their test results.
Steve Smith, managing director of Pentura said: “As well as providing technology solutions for data security, we want to create a virtual community to assist businesses in educating and empowering their users, and to enforce corporate policies to help prevent unintentional security breaches and data losses at source. Even the most robust security technologies can be undermined if, for example, a member of staff accidently loses a USB stick containing sensitive information, or sends an email to the wrong recipient.”
According to a Ponemon Institute 2013 Cost of Data Breach report, the perception that malicious attacks pose the biggest risk to organisations is unfounded, as 63% of data breaches were the result of human or system errors.
Steve Smith added: “People can be the weakest link in any security strategy. By educating users on best practice policies, businesses reduce the risk of breaches and better meet their governance, risk and compliance requirements. It is crucial that companies operate a training and awareness programme that is easy to follow, doesn’t blind staff with technical jargon, and is very clear in what it is appropriate to do with corporate equipment and data.”
The LearnwithPentura modules cover the areas of security that pose the biggest security risks to businesses. However, this is just the start, as additional modules will be added to maintain and build on the education of staff over time and clients will be encouraged to feedback on which subjects they would like to add to the service. Current modules include:
· Removable Media – USB sticks, external disc drives and DVDs can easily fall into the wrong hands, or introduce malicious threats onto networks.
· Anti-phishing – awareness of the signs of ongoing phishing and spam threats.
· Physical Security – preventing company information going missing on hardware by taking simple preventative steps.
· Web and social media – following clear policies on access to and use of business and private social media accounts.
· Email – working within corporate email policies, as all too often business sensitive and confidential information is sent to the wrong person either by accident or maliciously.
· Data Classification – defining what is business critical, sensitive information.
· Remote Working – training on the issues involved with secure remote working.
· Introduction to DLP – understanding data loss prevention and the employees’ role.