The obvious and rather short answer is: everyone is responsible for the information security of your organisation. From the CEO to the Board to the call center operatives to the interns to the kids on work experience from school, if that still happens.
Some are more accountable than others, some have a clear legal responsibility, and everyone should consider themselves to be part of a concerted normal practice of digital security. Especially the ‘lower level’ employees, the people who are probably most aware of problems such as weak passwords, lack of encryption, overly accessible folders of clients’ information, and so on.
Try MBWA: Managing By Wandering Around. If you want to really find out what your company’s digital vulnerabilities are, you could do a lot worse than asking the people who use the systems every day.
Copy the attitude that everyone in an organisation is responsible for customer service. The two are interrelated; digital security is a clear component of customer satisfaction. Just ask any telecoms company dealing with the fallout from not fully appreciating this. The risk to customer satisfaction levels, if your customers’ account details are stolen by criminals, is absolute.
Bottom line, organisations need to train all staff in basic digital security. Have a system in place for reporting vulnerabilities within individual departments and keeping everyone informed if and when new threats emerge.
It’s not difficult, it’s not extraordinary, it’s part and parcel of business in 2016.
Otherwise, if responsibility is siloed to a specific individual or department, the de facto consequence is that other people and other departments are not responsible, and therefore inadvertently make life much more difficult for T.I.M, or whoever is to blame when it all goes pear.
Author: Bird Lovegod