Contrary to popular opinion, cyber criminals are not the only ones causing data breaches today.
The 2018 Insider Threat Report from Securonix showed that negligent insiders are just as bad.
In the research, 51% of data security breaches and leaks were due to unintentionally careless employees or contractors.
With this in mind, it's clear that arming employees with information on how to protect information has to become a priority in every workplace.
One of the most important ways an organization can protect confidential data is to train employees on security. Regular employee training helps create an informed and educated workplace culture, which helps reduce the risk of a data breach occurring in the first place.
Having employee training is also the third most effective factor in reducing costs of a data breach (after ‘having an incident response team’ and ‘encryption’), according to the 2017 Ponemon Cost of Data Breach Study. On-going employee training reduced the cost of each compromised record by almost $17.
Experts agree that training has to be on-going and must teach employees how to protect personally identifiable information in both electronic and paper form.
Here are 5 important aspects of employee training.
- SECURITY THREATS: Educate employees on different security threats, including malware such as ransomware and viruses, insider fraudsters, and dumpster divers, and what can be done to avoid them. Staff should know how a virus can crash a hard drive and that data remains on hard drives even if it has been deleted. Educate employees about social engineering and how it is used to trick computer users into downloading malicious software or providing confidential information. The Insider Threat Report showed that phishing attempts (67%) were the biggest vulnerability for accidental insider threats.
- BEST PRACTICES: All employees should be well versed in best practices that comply with privacy legislation and protect confidential information in and out of the workplace. Use tough-to-guess passwords (the Insider Threat Report reported that 56% of respondents use weak or reused passwords). Don’t use public Wi-Fi to transmit confidential information. When in doubt about emails, delete (don’t open). Do not download unapproved apps onto company devices. Securely destroy confidential information when no longer needed. Don’t leave mobile devices visible in vehicles.
- PHYSICAL SECURITY: Teach employees that the physical office has to be protected too. Utilize a sign-in system for visitors. Secure mobile devices and confidential papers when away from the desk and office. Examine the document workflow to make sure it is secure – from creation to disposal and destruction. Avoid writing confidential information on sticky notes. Use password-protected screens.
- CULTURE OF SECURITY: Create a culture of security from the top down. The attitudes and values reflected in an organization’s security strategies, policies and procedures, and overall security thinking are the foundation of this culture. The C-Suite should set good examples in confidentiality and behavior too.
- POLICIES AND PROCEDURES: Embed security into the workplace. Have a Clean Desk Policy. Train staff in secure document management and destruction. Never recycle aging and obsolete computer hardware – have it properly destroyed. Implement a Shred-it All Policy so all information is destroyed when it is no longer needed.