As you have probably seen recently, Heathrow Airport recently had a data breach in the form of a USB stick that had been lost somewhere in West London. Amongst the highly sensitive data that the stick held, there was some personally identifiable information (PII) so the Information Commissioners Office (ICO) became involved and subsequently fined the airport company.
Apparently, only 2% of the staff at Heathrow had received any training about Information Governance / Data Protection. Naturally, the company is rapidly changing that and getting the appropriate staff thoroughly trained but this is a little bit late, it should have happened a long time ago. It makes you wonder: Why do companies, and people for that matter, have to wait until a crisis hits them before they behave responsibly? Is the standard state of mind really to be in denial to the extent that people put themselves, and others, into harm’s way?
Here’s what companies should do: KnowBe4 has security training, some of it specifically around USB sticks, and it is not expensive, nor does it take too much of time to do. Don’t wait until it’s too late, get training for your company so that you avoid those data breaches and all the trouble that goes with them.