
Do Your Employees Know How to Protect Your Data?

January 29, 2018 | Security
Security Training for the Workplace

In general, we all know we need to keep our critical and sensitive data safe. We know about identity theft; we know about stolen data. We know we should keep our credit card numbers safe and be careful about where we release our Social Security Numbers. This is why there are laws like HIPAA, which are intended to safeguard our identities by protecting Personally Identifiable Information (PII).

But do we really know what sensitive information is? Do we know what qualifies as Personally Identifiable Information? And on top of that, do we really know how to protect it?

This can be a deceptively simple question, because most of us would probably say, “Yes, sure, I know what I should be keeping safe, and I know to be cautious about who I give it to.” Ah, but are you sure? Here’s a real-world example:

The accounting department staff know that they handle sensitive data, especially credit card data. The HR manager handles a lot of Personally Identifiable Information, like Social Security Numbers and birthdates. The IT department has directed all these employees to create strong passwords, which change every 90 days. They hear a lot about security and being cautious of phishing emails and ransomware. People feel like they know how to be safe.

Then, the IT department switches on a security feature in Office 365 that detects when potentially sensitive data is being sent unencrypted in people’s email. They find that many staff members are sending credit card numbers, Social Security numbers, staff’s home addresses, and more in plain text in their email! This stuff is unencrypted and could be intercepted and read by anyone. But until now, absolutely no one thought it was wrong to fire off their SSN to the HR manager.

Yikes, right?

What people think they know about security is not the same thing as what they really know. This is especially true if security education has been spotty, picked up in email tips and meetings and conversations over the years. There can be large gaps in anyone’s knowledge. We often don’t really understand how to put security measures into practice while doing our usual work every day. Someone can know a lot about avoiding ransomware and suspicious emails, and yet think nothing of the dangers of using public Wi-Fi.

One way to be sure is to go through security awareness training.

The Purpose of Security Training

Security training on protecting Personally Identifiable Information (PII) and sensitive data can help people clarify what this data actually is and how to protect it. Effective security training also focuses on case studies and real-world examples, from the perspective of ordinary people who actually encounter security threats and have to decide how to deal with them.

Test Your Security Knowledge

Another important aspect of security education is testing. Your employees have been educated on phishing emails – but how well do they do when you actually test them? Do you have a way to test their knowledge and behavior?

The next step up from one-time or annual security training is a service or platform that gives you tools to keep your employees up to date on the latest threats and lets you test them with things like fake phishing email scenarios. A service like this should also be able to provide you with assessments of your policies and rules regarding cybersecurity in your organization, and whether you have technical or administrative safeguards to enforce the protection of sensitive data.

Is it worth it?

Even though it may seem like a lot to ask your employees to pay attention to, comprehensive security training can be incredibly valuable. Testing your employees, finding their weak spots, and then training them again can reduce security risks both for them personally and for your business. Looking to the future, it’s quite conceivable that more and more regulations will be put in place that require companies to demonstrate they’ve taken appropriate measures to educate employees about cybersecurity and have security policies to reduce risk.

Security training is an investment now that will pay off in the future. Check to see if your employees are truly ready to help you avert data breaches and cyber attacks today.

 

Thinking about trying security training? OXEN Technology believes very strongly that security awareness training is a keystone of any organization’s security defense. We offer free annual Security Awareness Training that you can take advantage of right now.

Want to test your employees with phishing simulations or assess your security risk? You can build on our free security training with our Paid Security Portal, which includes services like phishing tests, an annual Security Risk Assessment, weekly micro-training, and a monthly security newsletter.

