New Employees? 7 Critical Data Security Strategies To Learn
Data protection experts say that the workforce should act like a ‘human’ firewall to keep data safe.
But data security training seems to be lagging: careless and negligent employees are one of the biggest security risks in the workplace today.
In a 2016 report by Experian and Ponemon, Managing Insider Risk through Training & Culture, 66% of respondents said their employees are the weakest link in their security, and 55% said their organisation had a security incident or data breach due to a negligent or malicious employee.
Here are 7 data security strategies for training new and long-term employees on information security.
1. Be serious about security from the start. To lay a solid foundation, schedule security training during new employee induction. Provide an Information Security Policies and Procedures document – and run through it with new employees to make sure it has been understood.
2. Create a highly visible culture of security in the workplace.
- Senior management should set good examples in confidentiality and behaviour.
- Implement ongoing training, and include security reminders in employee communications.
- Embed security in work processes – for example, ID cards or biometrics to access the office, and a Clean Desk Policy.
3. Support the workforce with the best and latest IT safeguards. Install anti-virus and other safeguarding software on all devices. Schedule automatic updates and patching. But set clear rules for what employees can install and keep on work computers.
4. Address current threats:
- Phishing and ransomware: Phishing scams lure people to open malicious attachments or links. Verizon research showed that 30% of phishing emails are still opened — up from 23% in 2015. Ransomware targeting individuals is also on the rise. Train employees to recognise different types of malware.
- Password protocol: According to Verizon, 63% of data breaches involve a weak, default or stolen password. Use strong passwords (a combination of letters, symbols and upper and lower case) and different ones for every account. Store them in a safe place (not on a sticky note!).
- Unsecure network connections: Do not send confidential information using public Wi-Fi.
- Social engineering: Teach employees to avoid sharing confidential personal or corporate information on social media sites.
- Mobile devices: Manage mobile devices with privacy safeguards.
5. Create a team security mentality. Employees should be taught to watch not only for strange actions online but also for unusual behaviour by colleagues.
6. Be creative with data security training for employees:
- Apply security practices to personal use of technology – to make training more relatable to employees.
- Engage and motivate employees with rewards and incentives (for example, incorporate points programmes and gift vouchers; reward departments that excel in security policy compliance).
- Stage a fake phishing attack, or practise the response to one.
7. Teach secure data disposal. Classify, label and store documents properly (paper must be locked away and digital information must be encrypted or password protected). Declutter regularly, and partner with a document destruction company for secure paper and digital data destruction services. A Shred-it all Policy should instruct employees to securely destroy all documents that are no longer needed.