Implementing a strategic plan for teaching new hires about data security is an important part of your company’s onboarding process. The weakest security link in any company is the people working there, and you need to make sure those people know this. The best way to get this point across is to present the following topics with a sense of urgency and fear. No one wants to be the person responsible for a data breach.
Do not click the link
Phishing emails are the easiest way for attackers to compromise your data. It is a best practice to teach employees to trust their gut when an email arrives: if it looks suspicious, it probably is. Things like the email domain, text in all caps and redirecting links are all telltale signs of a phishing email. Here are some tips and tricks to help better detect these emails before you open them.
- Anything with a hidden hyperlink is suspicious. If you hover your mouse over the link without clicking, it should show you the true identity of the source or redirect site.
- A misspelled email address or domain suffix
- Email content that asks you to wire money to an external account
- As a general rule, if you have never spoken to the person before, why would they be emailing you?
A yearly reminder about the dangers of phishing emails should be sent out to reinstill the fear in your employees. Conducting a phishing campaign yearly will also give you an accurate progress report on how effective your methods are.
Don’t share your password
Teaching password best practices is a must, because employees will make passwords short and simple so they are easy to remember. A secure password must meet the following requirements:
- Password length should be over 14 characters
- Must contain a special character
- Must contain a number
- Must contain a capital letter
It may also be easier for your employees to remember a passphrase. For example, take the first letter of every word in your favorite song verse. Now combine these together and add a capital, a number and a special character. You now have a super secure password. This passphrase should also prevent them from writing down their password.
Now that you have covered virtual security, protecting physical security is next on the list. Preach the importance of not losing your door badge key and, more importantly, of not letting people piggyback into the building. Piggybacking is letting someone in on your badge swipe. This occurs a lot because employees find it awkward to shut the door on someone. Announce to your entire company that shutting the door in someone’s face (or at least checking to make sure they have a badge) is not only acceptable but expected. This will remove the tension and awkwardness throughout the building, because everyone knows this is policy.
All of these practices should be included in your company’s IT security policy, which every employee should have access to. All of these vulnerabilities have one thing in common: the human. Any activity that involves a human and sensitive information should have a control around it to help prevent unwanted data leaks.