As more and more business processes are handled by computers, it is becoming extremely important to have staff who are trained not only in how to use computers, but also in how to take precautions against data theft. Hundreds of incidents of data security breaches take place each year as a result of employee mistakes, and more often than not these occur simply because employees haven’t been provided with sufficient training about cyber security.
1. Initiate Simple and Routine Employee Testing
One of the clearest ways to find out which of your employees is most vulnerable to unwittingly “opening the door” to data thieves is through thorough and regular testing. The US Agency for International Development has created a handy security quiz that can be downloaded from their site via the Information System Security Line of Business program. By conducting tests on a monthly basis, you will be able to identify which employees need to undergo extra data security training.
2. Use Employees to Test Your Own Security
By bringing employees into vulnerability assessments, you can ascertain whether they are learning the practical aspects of their security lessons. Compile a vulnerability assessment team from your own IT staff and have them try to discover as many passwords as they can by carefully probing and checking for any security lapses. This includes looking for passwords written down on sticky notes, running phishing scams, or even making bogus phone calls to try to extract information from other company employees. Not only is it fun, but they will learn a great deal.
3. Educate Employees About Home Computer Security to Put Things into Context
The idea behind this one is that employees who understand how to safeguard their own private information will learn good habits and implement them at work too. It’s easy to frighten people about how at risk they are, so do so and then educate them about how they can protect themselves. You’ll see the basic principles are the same; it is just that with organizations the possible risks and repercussions are on a much larger scale.
4. Introduce Consequences for Sloppy Practices
A kind of carrot and stick approach can be very effective. Employees who make mistakes or fail tests can be given a series of warnings, with a third warning resulting in immediate disabling of the employee’s access to computer systems until remedial training has been completed.
5. Remember, Training Has Its Limitations
No matter how good your training methods are, you can only expect to accomplish so much. There is always a chance of security breaches, especially when they involve particularly ingenious phishing or malware schemes. Additionally, an employee may just decide to flagrantly disregard company policy and all that they have been taught. For this reason, a layered approach to security is required. Employee training can only do so much; you also need to invest in the best data security software and in monitoring and detecting lapses in security.