October is National Cyber Security Awareness Month. This week, the focus is on creating a culture of cyber security at work. For TITUS, helping to create a culture of security is a cornerstone for our solutions.
Implementing digital and technology security solutions within an organization usually involves several components, including secure network gateways, data loss prevention systems, and encryption. But with the rapid explosion of mobile devices that can store gigabytes of data and the easy access to cloud sync and share services, it is difficult for technology and IT teams to keep up and ensure that users are not accidentally leaking sensitive information. It is essential, therefore, that your users understand digital security risks and correct policies for sharing information.
To foster a culture of security, organizations need a solution that will:
- Educate and remind users about data security
- Empower users to take responsibility for data security, and
- Enforce security policies to protect users from their own mistakes.
TITUS Classification applies the email or document classifications as visual markings which clearly identify to the user the sensitivity of the information. Completely customizable, TITUS Classification headers and footers in emails, documents, presentations, and spreadsheets ensure that users are always aware of the value of the information they are handling. There can be no, “I didn’t know this was sensitive information” excuses as the classification is clearly visible on screen or when printed.
While user driven classification is not mandatory (TITUS can be configured to apply classification automatically based on a number of content, environment and contextual variables), most of our customers want their users to be actively engaged in cyber security. They want their users to stop, think, and consider the value of the information they are creating and sharing. This modification to the users’ workflow is negligible from an efficiency perspective, but hugely influential from a security culture perspective. Classification can be applied with as little as a single click. With that click, the user becomes more aware and accountable for the information being shared. Speaking from my own experience, the act of applying classification and seeing the classifications applied by others has heightened my awareness of data security. I sometimes find myself second guessing the classification of emails and documents sent to me by colleagues, and occasionally suggest a change. Sometimes, I am the one being corrected. The end result is that there is a conversation taking place about data security among staff, something that never took place in my career before I was asked to classify.
But while heightened security awareness is great, users will still make mistakes. Thanks to the TITUS Classification policy engine, users are given the chance to correct mistakes before they happen. TITUS policy alerts appear before the internal email is sent to unauthorized recipients, before the file is printed to an unsecured location, or before a highly sensitive file is uploaded to an unauthorized cloud storage service. Completely customizable to suit the education and workflow requirements of customers, TITUS policy alerts can provide details to the user about why the action is a threat, provide automatic remediation, or even empower the user to continue with the risky action once the user provides justification.
There are a lot of cyber security benefits to implementing TITUS Classification, but key among them is the influence over user behavior and security awareness. How are you creating a culture of security in your office? Posters on the wall in the lunch room, or direct engagement with the staff who are working with sensitive data?