Managers at Her Majesty's Revenue and Customs (HMRC) have launched an extensive retraining exercise for 85,000 employees, in a bid to avoid a future data security disaster.
In 2007, the organisation lost the personal details of all UK families in with a child under 16, affecting some 25 million people across the country.
Details of the retraining were this week detailed at the Human Factors in Information Security Conference in London (hfis.sparks.co.uk) by the man in charge of all security and business continuity issues at HMRC, Jeff Brooker.
The initial phase of the programme put security at the heart of HMRC's business strategy and in the performance objectives of every employee, he said, adding that HMRC's data security policy is based on “12 golden rules,” which include improving security consciousness and better behaviour around data handling, a data security rule book, data security workshops, and a dedicated security zone on the UK Taxman's intranet.
The latter also provides security tips, frequently asked questions and news, and enables employees to test themselves on security and report any security incidents or problems they see.
"The security zone provides employees with all they need to know about security on their computer, how to protect themselves and their information, and how to ensure a secure work environment," Brooker informed delegates.
HMRC has also invested significantly in communications to get its message out, employing internal staff publications, posters, documentation, training sessions over and above the intranet.
Other important changes included encouraging senior management to champion security and appointing data guardians in all 45 of HMRC's business units, he added.
As a result 97% of staff reported they are aware of the security policy, with 35% saying they referred to the rulebooks regularly.
But the next step may be to look at ways to make data security behaviour modification a permanent change – which may involve looking at ways to make being compliant for staff in their everyday roles as easy as possible. Using a driving analogy, Brooker claimed road safety surveys had proved 46% of people will follow the rules if they are easy enough to follow and getting higher than that 46% is the real challenge.
HMRC processes all of the income tax, National Insurance contributions, Value Added Tax and Corporation Tax due to the state – a figure of around £607bn in 2008.
