Information security is one of the most important parts of any enterprise security plan.
No matter how many different security products are in use, the information held and used by an organization can never be safe or secure unless employees are made aware of and trained in information security procedures and policies.
This training reduces the risk of human error by familiarizing all staff with these policies. It also ensures that enterprise information assets are properly protected and increases confidence in the organization among both employees and clients.
Information security training starts at home, as it were, and employees need to be trained to understand the information and compliance risks of the organization, cutting the risk of security failures.
A training course should give employees a basic knowledge of information security, including threats that come via email, through the workplace itself and over the internet.
It will also inform them of the policies present within the organization and the procedures for reporting on incidents.
A basic information security training course will include:
- A solid introduction to information security, what it is and why it is vital to the organization
- An introduction to security at “home”, i.e. the workplace
- A discussion on antivirus software, how it works and why it is in place
- A discussion on passwords and why they must be strong
- A discussion on wireless network security settings
- A discussion on email threats, including phishing – how to recognize them and report them through the proper channels
- A discussion on how to use social media properly
- A discussion on the use of illegal websites
- A discussion on information backups – why they are done, and how often
- A discussion on portable media devices, such as external hard drives and USB sticks
The course should also cover:
- The physical security of information, such as server rooms, backups, data rooms, etc., including the security procedures in place
- Digital information security
- The protection of enterprise information
- Incident reporting and business continuity plans in the event of a breach
IT personnel will need to be trained on the proper implementation of antivirus software and firewalls on the system. They will also need to be made fully aware of the policies surrounding access to information storage areas, who can access them and the means of access.
Finally, all employees, no matter what level, should be made aware of the consequences of a deliberate breach of information security, and of the policies and procedures for BYOD and work-from-home practices.