Why is it necessary to improve employee security literacy? Approaches to enhancement

As business digitization progresses, improving employee security literacy is becoming as important as tool implementation. It is not uncommon for companies to suffer damage from external attacks, as well as for damage to be exacerbated by human error or a lack of security knowledge among internal personnel.

This article will introduce the background behind the demand for improving employee security literacy and how to improve it.

Table of Contents

  1. What is Security Literacy?
  2. Background to the Demand for Improved Employee Security Literacy
    1. Increased Cybercrime
    2. Penetration of DX
    3. Promotion of Work Style Reform
  3. Expected Effects from Improving Employee Security Literacy
    1. Strengthening Security
    2. Promotion of Active Digital Utilization Accompanying Improved IT Literacy
  4. Approaches to Improving Security Literacy
    1. Review of Internal Rules
    2. Implementation of Company-Wide Training
    3. Implementation of Regular Alerts
    4. Introduction of IT Tools with Excellent Security
  5. Summary

1. What is Security Literacy?

In a word, security literacy is knowledge and experience related to information security. It is necessary to understand what kind of cybercrimes are causing harm to what targets, what to do in the event of a cyberattack, and how to behave on a daily basis to avoid cyberattacks.

In the past, installing antivirus software was considered a sufficient security measure. However, as cyberattacks have become more complex and the damage they cause has become enormous, companies are now required to raise security awareness thoroughly.

2. Background to the Demand for Improved Employee Security Literacy

It was once thought that security measures only needed to be understood by those in charge of information systems within an organization, but today, improvement of company-wide literacy is required. The following three reasons can be given as the background to why the spread of security literacy has become necessary:

2-1. Increased Cybercrime

The first is the increase in cybercrime. According to a survey announced in April 2022, the number of people who have experienced cybercrime in Japan from 2021 to 2022 is estimated to reach approximately 16.2 million.

Reference: https://news.mynavi.jp/techplus/article/20220330-2307476/

In addition, the total amount of damage associated with cybercrime is said to be approximately 32 billion yen, an increase of 10 billion yen from the previous year. The losses are not only financial. Victims also spend an enormous amount of time resolving the problem: an average of 2.5 hours per person and a total of more than 41 million hours spent recovering from the crime, which amounts to a significant loss of productivity.

While many people are concerned about the leakage of personal information, survey results also show that understanding of how to respond when damage actually occurs, and of which countermeasures are effective, is not progressing. Security literacy needs to improve throughout Japan.

2-2. Penetration of DX

The second reason is the penetration of Digital Transformation (DX). DX, which involves introducing the latest digital tools to an organization and executing business reforms, is an urgent issue for Japanese companies, and many companies are rapidly promoting digitization.

On the other hand, although the frameworks and tools of DX have been introduced, education for the employees who handle them has not kept pace. There are cases where companies suffer from the negative effects of digitization because employees cannot use the tools effectively or because security measures are weak.

With the spread of DX, systems within the company have been integrated and can be operated efficiently. However, if security measures are inadequate or employee literacy remains insufficient, operations will be carried out with significant security risks. In order to improve this situation, it is necessary to improve employee security awareness and strengthen measures.

2-3. Promotion of Work Style Reform

The third reason is the promotion of work style reform. While new work styles such as remote work and workations are being adopted by many companies, and employees are pursuing a better work-life balance, it is important to pay attention to the fact that security risks are increasing.

The use of public Wi-Fi, loss of smartphones and laptops, and the use of personal PCs all pose significant risks that threaten the information security of companies. It is necessary to protect confidential information from external threats by thoroughly educating employees about security literacy and reviewing these operating methods.

3. Expected Effects from Improving Employee Security Literacy

Companies can expect multiple benefits from improving employee security literacy.

3-1. Strengthening Security

The first benefit is strengthening security. By improving literacy, employees will be able to proactively judge and avoid risky behavior.

As a result, the risk of information leakage due to human error or being harmed by cyberattacks can be minimized.

3-2. Promotion of Active Digital Utilization Accompanying Improved IT Literacy

The second benefit is that it promotes digital utilization. By deepening knowledge of security and sharing company-wide standards for what is acceptable and what is not, clean digital utilization can be promoted.

If the digitization of operations has stalled because of information security concerns, improving literacy can move that series of initiatives forward.

4. Approaches to Improving Security Literacy

Finally, let’s also confirm specific approaches to improving employee security literacy.

4-1. Review of Internal Rules

The first is to review the company’s tool operation rules. Restricting actions that lead to information leakage, such as the use of personal PCs, public Wi-Fi, and taking company PCs out of the office, will help avoid unnecessary risks.

Review the on-site operational system and specifically define operational policies with low security risks.

4-2. Implementation of Company-Wide Training

The second is to implement training aimed at improving company-wide literacy. It is important to keep employees’ security knowledge up to date by regularly conducting training that deepens their understanding of security risks and countermeasures.

It is necessary to conduct training not only for employees in the information systems department but also for those in sales and general affairs departments, and to work to deepen understanding of information security widely.

4-3. Implementation of Regular Alerts

The third is to implement regular alerts. This is an initiative to share the cyberattack methods that have been occurring frequently in recent times, along with actual damage cases, and to make employees aware of which threats to prepare for.

Cyberattack methods are becoming more complex every day, so even if employees cannot completely understand the mechanism, it is necessary to convey when they should be vigilant.

4-4. Introduction of IT Tools with Excellent Security

The fourth is the introduction of IT tools with excellent security. It is a good idea to use services that meet the company’s needs, such as internal communication tools where there is no need to worry about suspicious messages arriving from outside, or highly protected cloud storage.

5. Summary

This article has introduced the reasons why employee security literacy should be improved and specific approaches to improving literacy. With the increase in cybercrime and the increase in opportunities to utilize digital tools, the need to cultivate security awareness company-wide is increasing.

First, it is a good idea to identify the security risks that should be resolved within the company, and then promote employee education and the introduction of countermeasure tools.

If you have any questions, please contact globalsupport@jiran.com.
