Data is one of the most important assets a modern business has. Employees are the ones who manage that data. So it makes sense for those employees to be well versed in looking after it, for the benefit of the business.
Informed staff will reduce your business’s risk
As with all things involving teamwork, the team is only as strong as its weakest link.
Your cyber security strategy is a good example. It’s your least-savvy employee who, with one click, can put your whole team’s work at risk.
Research by the Ponemon Institute (Insider Threat Report 2018) shows that employee or contractor negligence accounts for more than 50% of security breach incidents. That’s huge, and quite frightening if you consider that some employees might not realise they’re being negligent in the first place.
Cyber criminals bank on employees being ignorant, and therefore target them above anyone else when they send out phishing emails and launch other cyber attacks. They can be pretty sure that someone, somewhere, isn’t up to date with cyber safety etiquette.
Human error is excusable, but some mistakes no longer are: using the same passwords for different applications, storing passwords insecurely, clicking on suspicious links and opening dodgy email attachments. These kinds of mistakes are due to a lack of basic training and security awareness.
You need to tell your employees:
- The impact a data breach can have on a business and on each employee
- The different ways that cyber attacks can happen
- The latest techniques being used by hackers
- How to recognise and deal with suspicious emails
- How to create strong passwords
- The data privacy regulations your company needs to comply with
- Your business’s mobile device policy: mobile phones, audio players, digital cameras, iPads, memory sticks
There are a number of ways to carry out staff training.
Using all, or at least some, of these methods will result in a staff that is empowered and equipped to protect your business’s data:
- Enroll staff members in an e-learning course – (hint-hint 😉 )
- Provide on-demand video training
- Send a regular (at least monthly) newsletter or hold a chat session to report on the latest techniques being used by hackers
- Give frequent reminders about good cyber practices
- Train new staff members when they arrive
- Offer incentives to reward employees for promoting security
- Provide the opportunity for cyber security accreditation
Mandatory training for data privacy
Under the General Data Protection Regulation (GDPR), staff awareness-raising and training is mandatory for all businesses that collect, hold or process personal data. The intention of this regulation, and of others like the pending Protection of Personal Information (POPI) Act in South Africa, is to develop a culture of data protection that will reduce the risk of cyber attack and data breach.