When thinking about data security, many believe that the latest technology in access control, antivirus and firewalls are enough to protect their valuable data. While installing security patches and updates on a correctly configured system is vital, employees are an equally important aspect to keep in mind. Data breaches are often the result of a well-meaning employee who clicks on a phishing email, gives out information, shares a password or any other mistake. Security should not be a tug-of-war between system administrators and the rest of the employees. People are creative and will find ways around restrictions to get their job done, training is key!
Are your employees trained on security? Are they aware of the security policies in place? Are the convinced that those policies are there to protect both them and the business? What should they do when accidentally opening a malicious attachment? Are they aware of social engineering tactics?
Employees who handle sensitive data should be trained on know how to protect it. ensquad can help your employees familiarise with security, providing training that fills the technical gaps between knowing that the policies exist to understanding the risks they are meant to protect you from. While we will typically work with you to tailor the training to your needs, some key topics may include:
- Best practices when using encryption, backup and distribution of data
- Understanding what makes passwords weak and the tools that can help you
- Proper use of the technology available at your organisation
- What to do when an incident happens, how to report problems encountered
- Recognising social engineering techniques and staying safe