“Everyone in the corporation must understand that part of their job is to be a security officer – employees must know and practice security daily,” he said.
When asked ‘who is responsible for data on a day-to-day basis?’ They always say ‘no, not me, that guy over there is [the CIO], I just use the data’ - That’s the wrong answer.”
Flores suggested that moving forward, official employee evaluation methods should incorporate a review on a staff member’s knowledge and practice of security.
“Employees have to be continually educated. Educate them again and again. And again. Not just once when they enter the company, which is then long forgotten by the time they leave the company.”
Sign up for CIO Asia eNewsletters.