Infosec human factor solved only by education

One of the most notable developments, says SkillSoft, is the increasing popularity of its ‘Privacy and Information’ course, especially within the environment, safety and health sectors of both government and industry. A recent security incident in Scotland involved the loss of data sticks that were stolen from an employee’s house and contained unencrypted personal health data. “Organizations that use memory sticks to store personal information must make sure the devices are properly protected,” commented Ken Macdonald, assistant commissioner at the ICO. “Encrypting the data means that the information will remain safe even if the device is later lost or stolen. It is also important that employers provide home workers with guidance on how to keep any personal data taken outside of the office secure, as this is potentially when the information is most vulnerable.”

But encryption is rarely used in practice, a problem exacerbated by increasing home working, mobile working and mobile devices within business. A new survey by Harris International for ESET (February 2012) shows the extent of this problem. Where staff use their own devices for company work, only about one-third use any form of encryption. Device auto-locking with password protection is enabled by less than half of laptop users, less than a third of smartphone users, and only one in ten tablet users. So even where the technology is available to users, security still depends on them actually using it.

User education is necessary, and user education is the prime purpose of the SkillSoft privacy and information training course. “The ability of a business to protect private information it collects as part of its business is only as strong as its weakest link – the human factor – something that technology just can't overcome,” says SkillSoft.

One problem for business is that ‘security’ is not a subject easily taught in schools. “The basics are generally covered,” Tony Glass, SkillSoft’s vice president of sales, told Infosecurity, “but the industry is moving at such a pace there is little chance that the curricula at schools and colleges can maintain pace with the requirements and knowledge required on the frontline of IT security.” He points to the recent and rapid evolution of social networking as an example, where the new balance between openness and security has developed after most people have left school.

This is the gap SkillSoft seeks to fill. “When you factor in damage to reputation and costly fines,” says Kevin Young, head of SkillSoft EMEA, “a serious data breach could quite easily cause a business of any size to fold. It makes no sense to gamble with the information your business holds, which is why we’re seeing such interest in courses which help businesses understand information security.” 
