A Virtru Guide to Cultivating Security-Conscious Teams
We've all made mistakes. That's just part of being a human on planet Earth.
And, whether you're a CISO or an intern, you've also made mistakes when it comes to security—whether that’s accidentally hitting “Reply All” (so embarrassing), mistakenly sending a report to Sarah in sales instead of Sarah in human resources (oops), absentmindedly clicking on a questionable link (oh no), or quickly forwarding an email that turned out to contain sensitive information farther down the thread (oh NO).
So, what's a mere mortal to do when entrusted with vitally important information?
Don't panic: For all our flaws, humans can also make pretty great decisions IF we're empowered with the information and tools we need to do so.
Whether it’s an HR team onboarding a new employee,
A healthcare provider sharing test results with a patient,
An insurance agent managing a claim,
A special education teacher sharing a student’s individualized education plan with a parent,
Or sharing any other kind of potentially sensitive information,
It’s important that every team is empowered to do their jobs well, and that includes the ability to share data securely and confidently.
“Culture change is tough,” said Leroy Cunningham, Information Security Manager at CMI. “And people are used to doing things the way they’ve always done it. We try to create an educational shift, so if there’s anything that allows me to empower employees, and at the same time educate them, it’s win-win.”
Cunningham’s team uses Virtru’s configurable Data Loss Prevention (DLP) rules to encrypt some types of data by default—such as credit card information—but for some categories, Cunningham prefers to issue a warning, using that as a teaching moment.
“While Virtru provides us with a safety net, we also like the idea of being able to educate our users at the same time. So, instead of automatically encrypting something sensitive, we can let the users know and advise them to encrypt it. That way, there’s always a learning process in place.
"I think that’s key: keeping security top of mind and not creating complacency. It just reaffirms that thought process and, over time, it becomes second nature to them… These aren’t things that I can just teach them, it has to be something they can see and touch for themselves.”