Embedding security: When technology is no longer enough

Management consultancy PricewaterhouseCoopers (PwC) is aimed towards training staff in appropriate data-handling techniques to achieve a desired level of data security and reduce organizational vulnerabilities. The firm undertook a '2010 global state of information security survey', and found that while nine out of 10 large companies had security policies, only 48% of UK organizations had introduced any kind of employee awareness program to back them up. It is found that proactive education and training campaigns are crucial to bridge the gap between action and consequences related to data security. Bupa is an another firm that introduced a staff awareness campaign in order to back up its data security policies. A campaign was started in this direction in two phases of identifying senior managers who could act as security champions and introducing a poster campaign that consisted of existing corporate advertising images of customers.