June 20, 2017

Staffing Up? 7 Critical Data Security Training Strategies

Data protection experts say that the workforce should act like a ‘human’ firewall to keep data safe.

But data security training seems to be lagging because careless and negligent employees are one of the biggest security risks in the workplace today.

In a 2016 report by Experian and Ponemon, Managing Insider Risk through Training & Culture, 66% of respondents said their employees are the weakest link in their security; and 55% said their organization had a security incident or data breach due to a negligent or malicious employee.

Start building your human firewall with these data security tips for training new and long-time employees on information security.  

1. Be serious about security from the get-go. To lay a solid foundation, schedule security training during new employee orientation. Provide an Information Security Policies and Procedures document – and go through it.  

2. Create a highly visible culture of security in the workplace.

  • The C-Suite should set good examples in confidentiality and behavior.
  • Have on-going training, and send security reminders in employee communications.
  • Embed security in work processes – for example, ID cards or biometrics to access the office, and a Clean Desk Policy.  

3. Support the workforce with the best and latest IT safeguards. Install anti-virus and other safeguarding software on all devices. Schedule automatic updates and patching. But set clear rules for what employees can install and keep on work computers.  

4. Address current threats:  

  • Phishing and ransomware: Phishing scams lure people to open malicious attachments or links. Verizon research shows that 30% of phishing emails are still opened — up from 23% in 2015. Ransomware targeting individuals is also on the rise. Train employees to recognize different malware.
  • Password protocol: According to Verizon, 63% of data breaches involve a weak, default or stolen password. Use strong passwords (a combination of letters, symbols and upper and lower case) and different ones for every account. Store in a safe place (not on a sticky note).
  • Unsecure network connections: Do not send confidential information using public Wi-Fi.  
  • Social engineering: Teach employees to avoid sharing confidential personal or corporate information on social media websites.
  • Mobile devices: Manage mobile devices with privacy safeguards.

5. Create a team mentality. Employees should be taught to watch for strange actions online but also unusual behavior by colleagues.

6. Be creative with data security training for employees:

  • Apply security practices to personal use of technology – to make training more relatable to employees.
  • Engage and motivate employees with rewards and incentives (for example, incorporate points programs and gift cards; reward departments who excel in security policies).
  • Fake or practice response to a phishing attack.

7. Teach secure data disposal. Classify, label and store documents properly (paper must be locked away while digital information must be encrypted or password protected). Purge regularly, and partner with a document destruction company for secure paper and digital data destruction services. A Shred-it All Policy should instruct employees to securely destroy all documents that are no longer needed.

Start Protecting Your Business 

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.