Training Your Staff About Security – What They Need to Know

Vigilant staff could make the difference between a security threat that is handled and a security breach, both on your physical premises and online. Effective cyber security protects not only your customer records and private data; it also keeps your physical premises safer. If somebody manages to hack your drone security footage, for example, your building is vulnerable, and your employees are too.

The best approach to a coherent physical safety and cyber-safety strategy for your business is to dedicate time to training your staff about security! Here’s what they need to know.

Good Practice with Passwords

Any sensitive information that can be reached online is likely to be protected by a password. Anybody with access to this password should be listed as having the potential to compromise sensitive data, particularly when payment details are included. The staff with access to the password are the staff responsible for keeping it secret, and for changing it regularly as a further precaution.

This is particularly important if and when staff leave the company, especially on bad terms. If a password isn’t changed, you risk having somebody outside of your company able to access private information without a trace. At the very worst, the password could be made public out of spite to encourage hacking; at the least, it could be used to record your information for a competitor.

Policies Must Be Followed

From the very beginning of your onboarding process for new employees, policies for acceptable usage of browsers and devices on your premises should be introduced. Consequences for misuse should be fully understood, so your employees know to take rules seriously. Staff should be clear on what to do if they suspect a security breach, or if a device appears to have gone missing. Any personal information that can be hacked through a browser or a device puts your employees and potentially your building at risk. 

Offline security measures, such as keyholding and alarm response, should also be supported and monitored by your staff to protect your building if your systems are hacked. Multiple layers of security can be upheld by your team, and by something as simple as instructing them to physically lock rooms with devices that have sensitive information on them.

Test, Test, Test

Much like security threats, tests on staff vigilance could happen at any given time. ‘Live fire’ training exercises can easily be run by your IT department, and they’ll give a good insight into which departments are most likely to fall for a real scam. Send out a fake phishing email that can be monitored, and you’ll be able to identify what percentage of your employees fall for it.

Focus your training efforts on the employees who are susceptible to the risk, because it’s a waste of time teaching some departments what they already know! Switch up your approach with a new test every few months after training, and formalise your audits. If you record the performance of your first test, you should be able to measure an improvement in your employees with the next couple of trials and examine their response to your ‘threat’.
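
As an added illustration (not part of the original article), here is one way an IT department could record each test and compare departments between rounds. The sample figures, the 15% threshold and the minimum of 10 recipients are all assumptions made for the example.

```python
from collections import defaultdict

def build_sample():
    """Constructed results: (round, department, recipient, clicked)."""
    counts = {  # (round, department): (emails sent, recipients who clicked)
        (1, "Finance"): (20, 8), (2, "Finance"): (20, 4),
        (1, "Sales"): (25, 5), (2, "Sales"): (25, 6),
        (1, "IT"): (10, 1), (2, "IT"): (10, 0),
        (1, "Reception"): (3, 2), (2, "Reception"): (3, 1),
    }
    return [(rnd, dept, f"{dept}-{i}", i < clicked)
            for (rnd, dept), (sent, clicked) in counts.items()
            for i in range(sent)]

def click_rates(results):
    """Return {department: {round: (sent, click rate)}}."""
    tally = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for rnd, dept, _recipient, clicked in results:
        tally[dept][rnd][0] += 1
        tally[dept][rnd][1] += int(clicked)
    return {dept: {rnd: (sent, hits / sent) for rnd, (sent, hits) in rounds.items()}
            for dept, rounds in tally.items()}

def audit(results, baseline, latest, threshold=0.15, min_sent=10):
    """Compare two test rounds per department and pick where to focus training.

    threshold and min_sent are assumed values, not figures from the article.
    """
    report = {}
    for dept, rounds in click_rates(results).items():
        if baseline not in rounds or latest not in rounds:
            continue  # department was not in both rounds, nothing to compare
        (sent0, rate0), (sent1, rate1) = rounds[baseline], rounds[latest]
        if min(sent0, sent1) < min_sent:
            status = "too few recipients"  # a rate over 3 people is noise
        elif rate1 >= threshold:
            status = "focus training"
        else:
            status = "ok"
        report[dept] = {"baseline": rate0, "latest": rate1,
                        "change": rate1 - rate0, "status": status}
    return report

if __name__ == "__main__":
    for dept, row in sorted(audit(build_sample(), 1, 2).items()):
        print(f"{dept:10} {row['baseline']:.0%} -> {row['latest']:.0%} "
              f"({row['change']:+.0%})  {row['status']}")
```

Keeping the per-round records, rather than only the headline percentage, is what lets a later audit show whether a department that improved after training stays improved.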

Physical Security Matters

While the security of your premises is mainly your responsibility as a business owner, you should encourage your employees to approach you with any concerns they might have. Teach every department that vigilance doesn’t have to be left to the likes of concierge security.

Train employees to lock any unoccupied room, and closely accompany or monitor any visitors to your business premises. Every pair of eyes is valuable in spotting potential risks to your building!

For further advice on practical solutions to ensure the security of your business premises, please feel free to get in contact with us at Clear Watch Security.