The start of a new calendar year presents a prime opportunity to refresh your employees on company policies. And while it’s useful to give them updates about the dress code and how to log PTO, training employees to safeguard company data is a critical task. With the global average cost of a data breach at a staggering $3.62 million, per a study done by IBM, your organization can’t afford to let employees be lax about security—this year or any year.
- Change Your Password Practices
Some employers make the mistake of mandating that their employees change their passwords, on the theory that frequently updating your passwords makes it harder for attackers to access your data. Not so, says the FTC. Research shows that people who change their passwords frequently tend to choose weak or guessable passwords. If your company allows workers to pick their own passwords, coach them on when to change them and how to choose long phrases and/or sequences that aren’t easy to guess.
- Brush up on Current Phishing Techniques
Because phishing schemes evolve all the time, your defensive procedures should evolve too. Even your tech-savvy employees aren’t necessarily following the latest trends in identity and data theft, so offer company resources to help them spot phishing attempts. This will look different in every business. At a large organization, the IT department might provide a company-wide training session; at a smaller business, it might make more sense to send out regular memos with information about the latest schemes and how to spot a phishing email.
- Institute a Clean Desk Policy
You know that classic horror-movie trope, in which the protagonists realize that the menacing call is coming from inside the house? Although it’s an unnerving thought, your data can be stolen in plain sight. Maybe a member of your legal team leaves a sensitive file open while she uses the bathroom, or an HR staffer walks to the printer without closing the employee personnel file on his computer screen. If an office visitor or disgruntled employee snaps a photo, the fallout can be catastrophic. Require employees to lock up sensitive files and devices whenever they leave their desks, even for just a minute.
- Assemble an Incident Response Team
Your company may already have an incident response team in place to deal with natural disasters, but do you have a team that’s ready to respond to a data breach? They happen, even to vigilant organizations. And when a breach happens, time spent scrambling is time wasted. Assemble a team if you don’t already have one. If your company does have an IRT, the beginning of a new year is the perfect time to organize refresher training.
- Lock Down Devices
With so many employees working remotely at least occasionally, your data is vulnerable. And even if your staffers work exclusively onsite, they may be prone to misplacing thumb drives or leaving company phones or tablets in their unlocked cars. Literally locking down their devices is overkill, but it might prove useful to stress to employees that they’re responsible for keeping track of their own devices at all times. At the same time, remind employees that they are not to destroy files or unused devices on their own. It’s your data at stake, and your company should oversee its destruction when necessary.
Protect your organization from attack by working with an experienced data destruction company. Contact Northeast Data Destruction today.