Every company concerned with managing business risks must assign a Chief Education Officer to develop risk awareness campaigns and reinforce corporate policies. In the area of information security, most companies provide limited awareness and education to comply with privacy and security regulations and hardly think about employee education as a way to manage business risks including incidents and related costs, lawsuits and negative corporate image, employee turnover and disloyalty, and reduced profit margins.
Most companies think of employee education and awareness as a mandatory and costly effort. Employee training should not be treated as an obligation to comply with laws but rather as a process to manage business risks by creating synergy, reinforcing standards, improving business processes, and effectively complying with the laws. Employees who lack awareness of the risks facing their companies, and education about how to manage those risks and their consequences in accordance with corporate policies and standards, create unimaginable problems for their companies. Not only do employees who lack sufficient training to protect consumer information and prevent privacy disclosures and security breaches place an unnecessary burden on other corporate groups by constantly asking the same questions or ceaselessly reporting issues to management and the help desk, they can also ruin a company’s reputation and bring costly lawsuits upon it.
Typically, employee awareness and education are handled by the respective groups. For example, information security training is usually handled by the information security group. This makes sense since most groups have specialized and well-trained staff who can assist with planning and executing awareness and education campaigns. However, as various groups independently provide employee training as part of their functions and without the central coordination of a Chief Education Officer, they place an unnecessary burden on employees' schedules and memory through redundant and overlapping training areas, while increasing the total training cost for the companies. For example, most regulated and large companies have separate and multiple privacy and information security groups for reasons that I have yet to comprehend. The idea of a Chief Education Officer is even more compelling for companies that have decentralized groups which provide their own training to the employees. The education officer can coordinate the development of training materials and the scheduling of sessions, where possible, to plan and execute comprehensive and integrated employee training that satisfies all groups. This doesn’t mean that specialized groups should not help plan and execute required training; they are the most knowledgeable in their respective areas and should be heavily involved. However, an education officer can coordinate communication amongst the various groups to develop the scope, required training materials and schedules. Who knows, maybe a centralized education officer can even be a tool to improve communication between decentralized groups and create synergy within the company.
In conclusion, companies should see employee training as a tool to help manage business risks and, as such, assign a Chief Education Officer to coordinate the appropriate training for all employees at all levels and within all groups. Providing employee training for regulatory compliance purposes is like managing only one business risk while ignoring others. With a well-coordinated employee training program, companies can improve their business while ensuring long-term employee and customer satisfaction.