Maintaining online data security is one of the biggest challenges facing businesses – especially as flexible and mobile working now sees employees accessing information from a range of locations.
No company can afford to appear unreliable when it comes to cyber security. Here are four ways to promote its importance among all of your staff, rather than just those employed in information security jobs:
Provide a written policy
You cannot expect your staff to be conscious of cyber security practices if you don’t have a written policy in place that they can follow. Thus, the first step to promoting security is to work out your company’s policy for ensuring personal and corporate data is safe – both within the office and when people are accessing it from remote locations, on either laptops or mobile devices.
Make sure every employee within your organisation has a copy of it. You should also make it clear to them that there is a reason they are being given this; reinforce the fact that they are expected to learn and follow the guidelines it puts in place.
Limit information access
However much you trust your staff to follow the guidelines of your cyber security policy, it still makes sense to restrict access to important data to those who absolutely need it. In fact this should be a key plank of the policy, with encryption software – which alters the appearance of data on a device’s hard-drive, preventing anyone without the encryption key from reading it – being one excellent way of achieving this.
It is especially crucial to provide encryption software for business laptops and mobiles, as the loss or theft of these is a very common way cyber security is undermined.
Conduct continuous cyber security training
Some firms provide a degree of cyber security training when employees are first taken on, but it should be an ongoing process. One way of promoting cyber security among staff, through constant reinforcement of the message, is to use a Tip of the Day test. The testing can be combined with vulnerability assessments, which are designed to see whether or not staff are following your data security policy and absorbing lessons.
These should be overseen by your company’s IT security management team, and should employ strategies like fake phishing attacks, to see whether employees respond in the correct manner.
Don’t store more data than you need
The more data you have stored online, the greater the risk, so promote the practice among staff of deleting data once it is no longer needed. Those working in information risk management jobs within your company will have overall responsibility for ensuring that sensitive data is deleted when necessary, but making sure all employees understand the importance of doing so will greatly reduce the risk of breaches.
While you can never completely eliminate cyber security risks, following these four methods for promoting online security among your staff will certainly minimise those risks, making the lives of those doing cyber security jobs a lot easier.
[su_box title=”About Ryan Farmer” style=”noise” box_color=”#336588″]
Ryan Farmer has worked at Acumin for the past five and a half years as a Senior Consultant and now a Senior Resourcer. With a strong understanding of the InfoSecurity industry and the latest market developments, Ryan sources leading information security candidates for some of the world’s largest End User security teams, start up security vendors and global consultancies.Ryan is heavily involved in the Risk and Network Threat forum, has a keen interest in Mobile Security and is an active blogger and InfoSec writer.[/su_box]
Information security, data protection, and compliance professional.
Blogger, writer, speaker.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.