Our recommendations for new staff data security training
It’s often said that people are the weakest link in cyber security, but – like a muscle – cyber security can be strengthened with training and practice. We find that the best way to ensure a chain that’s free of weak links is to train staff on data and cyber security from day one, and keep that training going.
Recently, we’ve proudly been expanding our team here at Beaming and for all new members of staff, cyber and data security training are given the highest priority during induction. In week one of their training (before they’re allowed access to our network) we ensure that everyone is put through our new staff data security training.
As our new recruits discover, data security is about ensuring customer and staff confidentiality, as well as keeping your own business information safe from competitors or those with malicious intent, so sharing too much company information is a big no-no. However we can briefly outline the main topics covered in our training.
Follow our 6 point plan to make your employees more cyber security confident.
- Data security is about the CIA. It is everyone’s responsibility to ensure that we maintain the Confidentiality, Integrity and Availability of the data we hold. Make sure that staff members understand what each of these means in relation to data security.
- Password practice: Do not use the same passwords at home and at work. Follow our guidelines for choosing a strong, memorable password.
- Avoid removing any work documents from the business’s secure network in order to work from home.
- Be conscious of what’s happening around you. Don’t discuss confidential company information on a crowded train or work on documents in a public cafe (especially using free wifi!) where people may be able to “shoulder surf”.
- Phyiscal security is also important, when you enter and leave the building you work in, make sure you’re not followed in. Don’t be afraid to challenge anyone you would not expect to be entering the premises.
- Always report anything suspicious, even if you’re worried you may have done something wrong. It’s important to create a culture where people are not afraid to report a possible breach, especially now since the GDPR stipulates that a breach must be reported within 72 hours of discovery.
Of course, each business will have its own unique quirks based on its industry, internal structure and physical surroundings. We find that the above points are a great place to start. In addition to delivering training, make sure that it is documented and that participants sign off to agree that they have received it.
We’re aware that no one will ever remember every single thing from one training session, but as time goes on we make sure to reinforce our security messages with on-going training and creating a culture where everyone supports each other to prevent the business being a victim of cyber threats.
A cyber attack could cost you your business
More news from Beaming
What can be used as a Kilostream replacement?
If your attempts to find a Kilostream replacement that ticks all the boxes have been frustrating, you need to talk to a provider that really understands how to design, quickly implement and manage resilient networks.
Cyber report 2019: Volume of attacks doubles
The volume of online cyber attacks on UK businesses more than doubled in 2019, with organisations subjected to 576,575 attacks each.
Quiz: How much do you know about phishing?
According to Beaming’s research, 25% of businesses fell victim to phishing last year, making it by far the most likely route of entry for cyber crime against your business. Share this quiz with colleagues to test and improve your knowledge.
How do business leaders deal with the pain of cyber attacks?
Earlier this year we asked an independent research firm to speak to more than 200 senior business leaders whose companies had fallen victim to cybercrime in the preceding 12 month period.
3 million UK SMEs risk losing data
Bad backup practices are putting business data at risk of loss. Do you adhere to the ’30 mile data recovery rule’?