Training can be the Antidote to Information Risks in the Workplace
Last week, we shared a clean desk policy quiz
, which can help you understand how employee behavior and internal protocols could make your workplace vulnerable to security threats. Employees are often an organization’s greatest strength and weakness when it comes to privacy and information security – human error can cause notable damage to a company’s reputation, but also, a well-trained employee can be the difference between a secured and a risky work environment. In fact, Shred-it’s 2019 Data Protection Report
uncovered that that 52 per cent of C-Suites and 40 per cent of SBOs report human error or accidental loss by an employee/insider to be the main cause of a data breach.
Proper training and internal communication about security protocols can help reinforce the critical role
employees play in protecting organizations from potential breaches.
How can companies use training to help employees become vigilant in reducing the risk of a data breach?
1. Be wary of incoming threats: educate employees on phishing and other online threats
Employees and internal error are a prominent source of information security risks. Social engineering and phishing can trick employees into helping criminals initiate attacks. Organizations should train employees to recognize Business Email Compromise and phishing e-mails. Organizations should also have a strict protocol in place to report such e-mails and threats.
2. Empower employees with both theoretical and technical training when it comes to information security
Security experts say that the best security technology such as firewalls and password protection will fail if employees do not know how to identify and avoid security risks. Training must provide both theoretical and practical in order to be the most effective.
3. Committing to a culture of security through company-wide training, effective communication and employee ambassadors
Protecting confidential information must be a commitment from the top down, starting with the CEO and C-Suites. As part of a culture of security, training should provide employees with a comprehensive understanding of the office security policy in order to enable them to make mindful decisions when it comes to information security.
On-going training is critical for keeping security policies and procedures a priority in and out of the workplace. The 2019 Data Protection Report showed that many businesses in North America.
4. Engage employees.
Communicate security awareness and educate employees in different ways. For example, hang-up reminder posters
and include references in emails, memos, meetings and even promotions. A Clean Desk Policy helps keep work areas clean and tidy. A Shred-it all Policy
requires that all documents are securely destroyed when they are no longer needed.
To access more resources and empower your company about information security, or set up a secure document destruction service, contact us