top of page
  • Writer's pictureMike Sullivan

Training employees to protect your data

Training employees to protect your data is absolutely essential for all businesses.

We have all seen the scary headlines of cyberattacks on companies and the loss of clients’ personal information to hackers, resulting in fines for data security breaches. Although it is essential that business owners understand the threats endangering their data and how to protect that data effectively, it is also vitally important that this knowledge is passed on to staff.

Your staff can be your best asset for making sure that client data is stored and accessed properly and that your business is compliant with data loss regulations. Training employees to protect your data should be included as part of the induction process, with regular refreshers when regulations are changed or updated to reflect those changes.

Most businesses will have a staff handbook detailing procedures and behaviours that are expected. It therefore makes sense to outline cyber security best practice, including their use of social media platforms and company devices, particularly when not in the office.

To help you we have identified ten main areas of risk where your business may be vulnerable to data security breaches to cover in your policies, education, and training.

1. Email use/phishing attacks

The main method of communication for most businesses is email which is used at every level for both internal staff and external suppliers and customers. But unfortunately, email is not the most secure method of sending and receiving information.

Your employees are your first line of defence against a cyberattack via email, so they need to be aware of methods used by hackers to gain access to your email server:

  • URLs can be faked

  • The sender’s address may not match the company the email is supposed to be from

  • Spelling or bad grammar may indicate the sender does not have a good understanding of English

  • Links contained in the email may contain malware or connect to a fake web site

  • Requesting personal information in an email is a definite sign that something isn’t quite right

  • Email attachments may contain malware or viruses

  • Company details in the footer may be different from the real company

Staff trained to spot phishing emails and malware can greatly reduce the risk of data security breaches from cyberattacks and the training should include what to do if they spot something suspicious:

Who do they report it to?

What should they do with the email?

Employees need to know how to report a suspicious email so it can be checked out. You can read more of our tips on email security in our blog ‘How secure is your email?’

If your business is located in Yorkshire or Lancashire We Can Help to improve your email security. Talk to the experts at SquareCubed today about the security benefits of email encryption or moving your business email to Microsoft 365.

2. Password protocol

It is important that your company’s password protocol is included as part of training employees to protect your data. Cybersecurity training and handbooks should include clear instructions about:

  • Strong password construction i.e. random phrases of characters and numbers

  • Frequency of password changes

  • Not to use one password for multiple accounts

  • No recycling or sharing of passwords

  • Don’t write passwords on post-its!

Businesses should also be clear whether employees may face sanctions, such as a verbal warning, if they are found in breach of password protocol. If you would like more advice on what constitutes a good password policy, take a look at this guidance published by the National Cyber Security Centre.

3. Multi-factor authentication

We would recommend multi-factor authentication (MFA) wherever possible for accessing accounts, especially those based in the cloud. MFA works by providing additional security via linking the user’s mobile phone to their account. MFA is now commonplace for banks and other companies as it provides an extra level of protection against hackers.

4. Removable media

Removeable media is any kind of portable storage that can be moved between devices such as USB drives, CDs, or SD cards. Training should include clear instructions when using these types of storage in your business and the associated risks of, for example, malware and copyright infringement.

5. Social media use

Training should outline the dangers of sharing company information on personal social media accounts. Giving away information about your business can result in hackers posing as employees to gain access to your system. If they don’t know already, staff should also be shown how to protect their social media account via privacy settings.

6. Internet use

Along with internet access whilst at work, training should also educate employees to be safe online, for example, making them aware of the dangers of using the same password for multiple accounts or downloading free software, especially to company devices.

7. Working from home or remotely

Since the pandemic and its effect on our working environment, many companies now offer working from home as part of a role. In addition, many people work away from their home or the office, visiting clients, seminars or exhibition. Employees working remotely need to understand how this impacts on their cybersecurity.

8. Public Wi-Fi

Further to the previous point, those working remotely need to know how to use public Wi-Fi without risking a data security breach. Training employees to protect your data should increase awareness of fake public networks and scams and encourage them not to share confidential information via public Wi-Fi.

9. Company mobile devices

Unfortunately, the increase in connectivity through mobile devices has also resulted in an increased risk of data breaches. Making sure employees receive security training specifically for mobile devices will reduce the risk to a business of losing data through malicious mobile apps. MFA or biometric authentication can reduce the security risk if a device is lost or stolen. A separate mobile security policy may be necessary for those using mobile devices for the majority of their work.

10. Physical security

Physical security is another topic that should be covered when training employees to protect your data. Topics to include in this part of security training are:

  • Locking away important/confidential documents – clear desk policy

  • Log off devices when not in use

  • Don’t write down passwords, or share them with anyone

Although all businesses have different security requirements, training employees to protect your data by sharing cyber security best practice, and by actively promoting awareness of what could go wrong, your staff will be an effective first line of defence against data security breaches. If your company lacks the resource or IT expertise to implement security protocols, make an appointment to talk to us at SquareCubed to find out how We Can Help you and your employees to stay safe online with email encryption, backups, disaster recovery, cloud migration and Office 365.

11 views0 comments


bottom of page