Data Security – What you can do to train your staff
When it comes to data security, it’s people — not systems — that represent the greatest threat. Firewalls, antivirus software and even the most sophisticated security measures can only go so far. If a staff member loses their smartphone, tablet or flash drive, all bets are off; if the device ends up in the wrong hands, businesses could be dealing with problems far bigger than a missing piece of hardware.
However, it’s not just physical loss that can put data at risk. Small businesses are attractive targets for cybercriminals since they typically don’t have protection as robust as that of large corporations. Moreover, it only takes a moment of inattention to cause a problem, like when the J.P. Morgan employee clicked on a malicious link.
It only takes a single incident — a shared file, poor password management or deliberate data theft — to kick off a chain of events that can escalate dramatically.
It’s All About the Users
The proliferation of bring-your-own-device (BYOD) policies brings more danger to a small business’s computer systems. That is why it’s vital that employers and employees be on their toes when it comes to security.
Training is the key. While it is important to have the full suite of security technologies installed on a network, it’s equally important to ensure all employees understand their responsibilities, and that the IT department enforces policies and procedures.
Responsibility Sits with IT
IT departments should take the lead in training users about the risks their actions may present. That does not mean a one-off, in-one-ear-out-the-other approach.
Best practices for such training include:
- Train early, train often. Employees come and go. Train them as soon as they come on the job and train often to keep up with changing technologies, apps and potential threats.
- Keep it simple. Avoid unnecessary jargon and keep presentations non-technical. Concepts and terminology that are familiar to IT departments may be alien to end-users.
- Always explain. Unless a user understands why a rule has been put in place, they are likely to ignore it. IT departments need to give very clear explanations.
- Share examples. It helps to provide real-life examples of good practices (e.g. how to spot a virus-filled email) and bad (e.g. what happens when an email virus is unleashed). This helps make the consequences more real for the listeners.
- Involve all levels of employees. It’s not just managers who need training. Every employee who has access to a computer has the potential to open the door to malware.
Training methods
There are a few easy ways your IT department can familiarize staff with data security:
- Create short videos of training basics, and make them readily accessible.
- Send fake malicious emails to keep staff on their toes.
- Keep communicating face-to-face with employees about data security.
The IT department needs to be vigilant in promoting awareness of data security. Are you communicating clearly enough? A partnership with GreenQube can help. Not only do we make sure your business is protected with the most current virus protection and firewalls, we also partner with you to train your employees, providing an additional yet vital layer of data security that makes your business (and its data) even safer.