January 2016: You can have the best IT in the world but if your team isn’t up to speed on how to keep your data secure, your company is at risk. Along with updating your policies about security and acceptable use of your IT network, training is key!
There’s no better time than the new year to make sure your team knows what to do (and not to do) when it comes to security. Don’t be too busy — be smart! Here’s a game plan:
Who needs to be trained about IT security?
Everyone – even employees who aren’t heavily involved in technology! Social engineering is alive and well — it’s the easiest way for criminals to get into your systems. Why bother to break in if someone will let you in? The primary way to combat social engineering is with training. And people who work with the most sensitive information need the highest level of training, of course. And even if your company isn’t mandated by law to complete cybersecurity training, your business, like all businesses, is vulnerable because it’s online.
What does good training look like?
The best sessions are in person, run between 30 and 60 minutes each and are conducted in small groups. You probably need a series of sessions. There’s usually too much information to cover in a single session and shorter sessions are more effective than longer sessions — attention wanders, especially when it comes to technology. To learn the material on a practical level, which is the goal, it’s best if your employees can start to apply it, see how it works and then build on their understanding from there.
Another option is to complete an online training course. If your company hasn’t done much training in the past, this may be the way to start. Being able to ask a facilitator questions, however, is very helpful so the sooner you can introduce live trainers, the better. The best training of all involves doing tabletop scenarios with role playing and reviewing.
The best training is also based on your updated policies!
Why should policies be updated every year?
A lot of companies write policies but then let them get dusty — don’t be like those companies! Updating your standard policies and procedures is an important process in itself but it also lets your employees know that you’re serious about security, which is equally important.
Make sure to remove items that are no longer relevant to your business (like references to BlackBerries or floppy disks), add instructions for new technologies (like wearables or cloud storage) and update any process information (like encryption or remote access procedures). Your policies should cover every part of your operations that could allow your data to be compromised, including any device that’s capable of transmitting data, along with the basics like email, password storage, file sharing and removable hard drives. Usually this process is completed in conjunction with your human resources department, which distributes the new policies to your staff, who then sign off on them.
When your policies are up to date, clearly written, concise and easy to understand, your team will be more likely to follow them! And your IT ecosystem will be much more secure.
As a managed IT company, Leapfrog helps clients develop their policies. Our frogs also provide security training at our training facility or at clients’ locations, as do other vendors like banks and insurance companies — it’s in all of our mutual best interests that your data remain secure!