Many security incidents or even breaches are not caused by sophisticated, malicious hackers but by innocent oversight, carelessness, or lack of understanding of security processes and company policies. Ultimately, the worst IT security incident to deal with is the one you know could easily have been prevented.
I am optimistic enough about people to not expect my car to be broken into while I am in church. But I still lock my doors when I park at church – even right next to the building. Why? Because it’s a habit that would not be wise to break. Walking away from my car and pressing the lock button on my key fob is something I do without even thinking. Inevitably, the one time I neglect to do so would, of course, be the one time someone is roaming around with bad intentions.
Ongoing Security Awareness Training
Teaching employees to lock their computer when they walk away is the same. It’s just a good idea. Locking the computer should be as basic as not writing down passwords or not taping login details to the bottom of the keyboard. It should become a mindless habit. You may even want to set a company policy that stipulates that computers are to be locked any time an employee walks away for any reason or any anticipated length of time. Even with a policy in place, it is important to explain the reasons and provide reminders often.
All of your security policies require some level of training and regular reminders. Many organizations are actually required by federal and state regulations to provide such training. The HIPAA Privacy and Security Rules, for example, require formal training, along with ongoing updates and security awareness for all employees, to ensure that the protected health information (PHI) held by the company remains secure.
Even if employee security awareness training is not required of your company by law, it is only fair to employees that you let them know what is expected with clear policies and then train them to follow the policies for their own security and protection, while reducing the overall risk to the organization.
September Security Tip: Lock Your Computer
We prepare reusable monthly security tips like this to help you make employees aware of online and social engineering security threats and the easy steps they can take to avoid most of them. Feel free to share our latest security tip with your colleagues.
Ensure that your employees understand your policies and that security stays on their minds and good practices become habits within your organization. Our monthly security tips can help you satisfy regulatory mandates for ongoing security training more effectively than costly, time-consuming, boring training sessions.