Data Storage & Handling
Teaching Your Employees How to Safely Use, Transport, and Store Sensitive Data
Data is everywhere — laptops, desktop computers, servers, mobile devices, external hard drives, portable storage media, filing cabinets, cloud-based storage systems, and more. Thinking about all those potential access points is likely to make your head spin. And you’re likely to get even dizzier when you consider that the security of that data is primarily dependent on the actions of the people who handle it.
Don’t leave your data security to chance. Bring your employees up to speed about the best practices they should be using when storing and handling different levels of data, from public marketing materials to confidential company information.
Assess the Threat
Do your employees know how to create strong passwords and encryption passphrases? How well do your employees understand the potential threats associated with sharing sensitive information? Do your employees recognize the data security measures they should be taking, both in the workplace and beyond the office? If you’re not sure of those answers, our CyberStrength® and USBGuru® assessments can help you find out.
- CyberStrength Knowledge Assessments – This tool allows you to ask your employees scenario-based questions about physical security measures, data sharing and disposal, and other topics that pertain to proper handling of sensitive files and documents. You will have direct access to the results, and employees will receive tips and guidance following each answer (whether correct or incorrect). You can also create customized questions to assess understanding of company policies and known issues. Create your own mix of questions — including those custom written by you — or use our Protecting Personal Data Predefined CyberStrength assessment, which has a set selection of questions that focus on data storage and handling. Our predefined assessments help streamline the administrative process and allow you to automatically assign follow-up training to users who don’t exhibit a clear understanding of the topic.
- USBGuru – With this simulated attack, USB drives are pre-loaded with your messages and randomly placed in common areas within your workplace. If employees pick up and plug in these planted devices, a customizable Teachable Moment will launch, letting them know what they did wrong and how they can prevent future issues.
Educate Your Employees to Utilize Best Practices
Understanding your level of susceptibility is one thing; changing employee behaviors is another. We can help you do both, but we believe that the education component is the real key to long-term risk reduction.
Our interactive training modules give your employees hands-on instruction about data handling security principles and explain some of the threats they may encounter inside and outside the workplace. In addition to our purpose-written, research-based educational content, our Training Jackets allow you to add custom and personalized content to the beginning and end of each module. You can insert notes about specific organizational policies, attach a training completion certificate, include a policy acknowledgement screen, and more.
Key modules to consider for your data handling training efforts include the following:
- Data Protection and Destruction – This interactive training module will teach employees about the potential threats associated with mobile electronics and portable storage devices. They will also learn how to securely use and dispose of data on these devices.
- Password Security – Users learn why strong passwords are so important and get hands-on practice creating word- and phrase-based passwords and password families.
- Security Beyond the Office – Employees will learn best practices for keeping your data, network, and equipment safe when working outside the office. Topics include safe use of WiFi networks, the dangers of public computers, and practical physical security measures.
- Mobile Device Security – This module will teach employees how to secure their mobile phones both inside the office as well as during travel and leisure activities. Employees will learn important physical and technical safeguards; how to avoid divulging sensitive information during conversations; and how to securely use features like WiFi, GPS, and Bluetooth.
Consider a Continuous Training Approach
A cycle of assessment, education, reinforcement, and measurement maximizes learning and lengthens retention. Our security awareness and training methodology is a continuous approach to risk reduction.
Consider pairing our data storage and handling assessments and education with our Security Awareness Materials to reinforce key messages in the workplace. And be sure to take advantage of our comprehensive reporting tools to measure progress and tailor future efforts.
When you combine the four components of our methodology, you take a 360-degree view of security awareness and training, which can effectively change behaviors and reduce risk across all levels of your organization.