Business owners think that data security and PCI compliance are all about putting firewalls in place on all your systems and locking away your receipts. However, many criminals will take advantage of your employees to gain access to your customer card data. Data breaches can occur when members of staff open phishing emails that download malware onto your system, give information to someone they think is from the bank, or fail to protect their passwords.
Why is training important?
Having policies and procedures in place is useless unless your employees are aware of them and have been trained on them. If you have a policy that covers what to do when you suspect you’ve been breached, but your staff have not reviewed it, they will likely either make an error or take too long to report it to the right person, which could cause your business more damage. Another issue nowadays is social engineering, where attackers specifically target your employees, who might not be trained to recognise fake calls and might reveal information leading to a breach.
What should employees be trained on?
Some policies you can train employees on are:
• Technology use
• Password Management
• Data handling procedures
• Incident response plans
• Data security best practices
• Social engineering techniques
Tips for training employees
Holding meetings on an annual basis isn’t going to cut it. You need to put constant reminders in place to make sure data security is part of daily activities. Some tips to get your employees ready are:
• Set monthly targets – Each month, focus on a different area of your data security, such as passwords, social engineering and email phishing.
• Give frequent reminders – These can be sent out in emails or newsletters, or handed out at morning meetings.
• Train employees on new policies – Even new members of staff that have been taken on should be trained as soon as possible on your policies and procedures.
• Make training materials easily available – Putting the documents in the staff room or on the office computer is a great way for staff to access the information.