Stop confidential data leaks in corporates by training non-IT staff: CICRA

Monday, 5 May 2014 00:00 - - {{hitsCtrl.values.hits}}

Sri Lanka’s leading cyber security training and consultancy provider yesterday urged top corporates to prevent confidential data leaks and disruption to company IT infrastructure by training non-IT staff on computer security. “Virus guards and firewalls are not enough at all to prevent confidential data leaks in the corporates. It is important that the corporates train their non-IT staff, especially those who handle finance, marketing, operations and human resources,” CICRA Consultancies Ltd. Director/CEO Boshan Dayaratne said.

Human factor the weakest link “In a test to evaluate how easy it would be for hackers to social-engineer employees and gain access to computer systems, the Department of Homeland Security in the US has found the human factor to be the weakest link in cyber security,” Dayaratne said. “This risk is higher since IT departments today cannot really control the smartphones and other personal devices that the employees use in their day-to-day life. In the US alone, at least 4,455 instances of data breaches are reported which exposed more than 626 million records to the hackers and competitors since 2005. As companies gain a much clearer perspective on the actual extent of security incidents, they’re discovering that the greatest compromises are to data,” he said. “For example, someone can install a keylogger on a computer used by the CEO, his secretary or a top finance manager, and all keys typed by the computer user can be communicated to a hacker or a competitor,” he said. Specialised training programs To facilitate corporates to secure their confidential data and prevent disruption to their IT infrastructure, CICRA is conducting dedicated and specialised training programs for non-IT employees. “These programs enables the computer users to build on their existing skills and achieve better efficiency in using computing resources by educating them on practical aspects of security and networking,” Dayaratne said. “These trainings are about empowering the knowledge worker with the information necessary to compute securely, network efficiently, and be in control of the computing environment. Through these trainings, corporate non-IT staff will have the knowledge and necessary skills to guard information assets,” Dayaratne said. CICRA computer security training programs for corporate non-IT staff deal on topics including information security and legal compliance, secure email communication, secure mobile phones, harden the web browser security, set up of a secure personal network and familiarise with data encryption and encryption standards.