Your best bet for running secure operations is to take a holistic and comprehensive approach. In other words, you cannot just do a little bit of security; you have to dedicate enough resources to cover all aspects, and to cover them well.
This includes training staff, since people have been shown over and over to be the weakest link in security and privacy defence. You can implement the best technical controls throughout, but if a colleague clicks a link in a malicious (phishing) email and is unknowingly taken to a fake website where his or her corporate login and password are stolen, your defences are at risk. The typical follow-on is that the attacker uses the stolen credentials to log in as that colleague, so the controls that protect the network never see an intrusion, only a normal login.
One needs to ensure that the right security and privacy habits are taught and applied in the day-to-day of your business. It is recommended that you implement a code of conduct that covers security and privacy alongside other ethical business practices. There are unsafe practices in most firms that can easily be addressed through awareness training.
Data Security and Privacy – Some examples of unsafe practices:
- Sticking a post-it note with a password to the computer screen
- Sharing accounts and passwords with colleagues or third parties
- Sending files containing personal data unencrypted
- Using corporate email to send messages to personal contacts
- Using personal email to send corporate messages
- Clicking a link in a suspicious email from an unknown sender
- Leaving customer files on your desk when leaving the office
Data Security and Privacy education
There are many online learning platforms that offer security awareness training and data privacy training at affordable prices. Ensuring that every new joiner completes such a course on joining, and that all staff repeat it at least once a year, is essential to running a secure and privacy-compliant operation.