We deliver effective cybersecurity and privacy training that addresses the issues that matter most, covering the high-stakes security and privacy topics that top CISOs and CPOs identify as the ones that keep professionals up at night.
True employee awareness of data privacy is not just about keeping sensitive documents from prying eyes. Here are nine topics a comprehensive privacy awareness program should cover.
What your employees don't know about handling data at your company or organization could burn you, and fast.
That's why it's important to implement a privacy awareness training program so all your employees can actively protect sensitive data.
From how to stop phishing attacks to the best practices for data management and protection, there are numerous fundamentals involved with securing personal and sensitive data.
We've narrowed down nine topics that you should cover in your privacy training program to establish a risk-aware culture in which your employees see data protection as second nature.
A privacy awareness program needs to cover the basics. To make sure your workforce is actively protecting sensitive data, they need to understand the data lifecycle - how data is created, stored, used, shared, archived, and destroyed within your company.
Here are some of the basics to cover in privacy awareness training:
A wide variety of privacy regulations exist, both U.S.-based and global, that you may need to follow when it comes to how your company manages personal data. Many include training requirements for employees who handle this data, shifting training from a nice-to-have to a necessity.
What follows is a far from exhaustive list of some of the most impactful policies in force today:
HIPAA - The Health Insurance Portability and Accountability Act of 1996 provides data privacy and security provisions for safeguarding medical information in the U.S. Learn more about our HIPAA TrainingPack.
GDPR - The General Data Protection Regulation is a regulation on data protection and privacy for all citizens of the EU, which includes the transfer of personal data outside of the EU. Learn more about our GDPR TrainingPack.
CCPA - The California Consumer Privacy Act enhances privacy rights and consumer protection for residents of California. Learn more about our California Regulation TrainingPack.
Keep in mind that you may not have to comply with any of these regulations. Additionally, there may be other regulations not listed here that you do need to comply with. For more information on which policies you might need to look out for, you can search privacy policies by country right here.
Nearly every piece of software your employees use on a regular basis requires frequent updates. Without them, any machine could be at risk for becoming a dangerous access point for malware or a source of data breaches.
A patch is a set of changes to a computer program or its data designed to update, fix, or improve it. Systems are patched for everything from improving usability and performance to fixing bugs and more.
Your training program should include who should patch, how often to patch, as well as patch management guidelines (what to prioritize, etc.).
Most data breaches begin with a successful social engineering attack. This happens when a hacker targets someone to get them to do something that gives them the access they are looking for.
For example, an employee could receive a link from what appears to be a LinkedIn connection or Facebook friend when, in fact, it's really a hacker trying to get into the network. In other words, it's a con game.
Make sure your employees are aware of this, and teach them how to recognize a social engineering attack and what to do if they believe they have been targeted.
Personal information is incredibly easy to obtain as data breach after data breach dumps reams of data into the dark corners of the internet.
Thieves use this information in a variety of ways - financial gain, criminal evasion, and illegal collection of Social Security and medical benefits.
Identity thieves steal and use their victims' personal information to create imposter accounts and to access existing accounts. Armed with stolen personal information, identity thieves can rob your company of customer trust and confidence.
That's why we recommend including information on the threat of identity theft in your privacy awareness training. General topics and ideas to cover include but are not limited to:
Email scams are tricky, so it's crucial that your employees know how to identify them. Some are more difficult to identify than others, but many share common themes that call them out as phishing attempts.
There are a few ways to identify and combat phishing attacks:
The most important takeaway here is making sure your employees take their time and think before interacting with any unexpected email. Be sure to include some of these reminders in the training itself, and don't be afraid to get creative with real phishing emails as a training tool!
Choosing a password might seem simple, but when you're dealing with sensitive data, you need to make sure it's secure.
In addition to choosing a unique password of eight or more characters that mixes letters, numbers, and symbols, you should also use multi-factor authentication (MFA) or two-factor authentication (2FA). Both require at least two pieces of evidence (MFA can require more) in order to authenticate access to a system, such as a password plus a code sent to your mobile device via text message.
Here are some password best practice ideas for including in your training (and maybe even your company password policy):
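As an added illustration of the two requirements above (a password that meets a minimum policy, and a one-time code as the second factor), the following Python is example code written for this page, not part of the original article or any vendor product. The minimum length comes from the text; the five-minute code lifetime, the three-attempt limit, and the six-digit code format are assumptions, and how the code is delivered to the phone is outside the snippet. Beyond what the paragraph states, it shows the server-side checks that make a one-time code safe to accept: expiry, single use, an attempt budget, and a constant-time comparison.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

MIN_LENGTH = 8              # from the page: "eight or more"
CODE_TTL_SECONDS = 300      # assumed: a one-time code is valid for five minutes
MAX_ATTEMPTS = 3            # assumed: a pending code is abandoned after three wrong guesses


def password_meets_policy(password: str) -> Tuple[bool, List[str]]:
    """First factor: eight or more characters mixing letters, numbers and
    symbols. Returns (ok, list of reasons it failed) so a UI can explain."""
    failures: List[str] = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        failures.append("no letters")
    if not any(c.isdigit() for c in password):
        failures.append("no numbers")
    if not any(not c.isalnum() for c in password):
        failures.append("no symbol characters")
    return (not failures, failures)


@dataclass
class PendingCode:
    """Server-side record of a one-time code waiting for the user's reply."""
    code: str
    expires_at: float
    attempts: int = 0
    used: bool = False


def issue_code(now: Optional[float] = None, digits: int = 6) -> Tuple[str, PendingCode]:
    """Generate a random numeric code with the secrets module (not random).
    The first value is what gets sent to the user's phone; the second is
    what the server keeps to check the reply against."""
    now = time.time() if now is None else now
    code = "".join(secrets.choice("0123456789") for _ in range(digits))
    return code, PendingCode(code=code, expires_at=now + CODE_TTL_SECONDS)


def verify_code(pending: PendingCode, submitted: str, now: Optional[float] = None) -> bool:
    """Second factor: accept only if the code is unused, unexpired, within the
    attempt budget, and matches. hmac.compare_digest keeps the comparison
    time independent of how many leading digits were right."""
    now = time.time() if now is None else now
    if pending.used or now > pending.expires_at:
        return False
    if pending.attempts >= MAX_ATTEMPTS:
        return False
    pending.attempts += 1
    if hmac.compare_digest(pending.code.encode(), submitted.encode()):
        pending.used = True          # a one-time code is exactly that
        return True
    return False


if __name__ == "__main__":
    ok, why = password_meets_policy("password")
    print("policy check for 'password':", ok, why)
    code, pending = issue_code()
    print("code issued (would be sent by SMS):", code)
    print("correct reply accepted:", verify_code(pending, code))
    print("replay of same code accepted:", verify_code(pending, code))
```

The attempt counter is incremented before the comparison, so once three wrong guesses have been made the correct code is refused as well and a fresh code must be issued; that is what stops a six-digit code from being guessed by brute force within its lifetime.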
Whether it's a malware attack, phishing scam, data breach, or even a hunch something might be wrong, it's important for employees to know how to report an incident and who to report it to. Here are some ideas on what to cover regarding incident reporting:
In today's digital world, it's easy to share information at the click of a button. As a result, standards for privacy protection continue to rise, which makes it harder to keep up with the changing laws that regulate our personal information.
But as the privacy landscape and associated trends and regulations shift, the end goal of privacy awareness training remains the same: helping your employees achieve a mindset where protection of personal data comes as second nature.
When working with personal data, it's important that employees don't leave their computer available to anyone who could cause damage to their identity or the company. Remind them to lock their screen each time they step away from their computer to reduce the chances of unauthorized access (whether accidental or malicious).
In addition to screen locking, you should also cover safe browser use. This includes making sure the browser is fully patched, only browsing safe websites and URLs, and reminding employees not to install unnecessary add-ons without admin approval.