In immensely networked systems, organizations cannot protect confidentiality, integrity and availability of data without implementing an effective and reliable security training program. According to a Kaspersky Lab report, more than 46 percent of cybersecurity incidents are due to human error and enterprises suffer multimillion-dollar losses recovering from staff-related disasters. For example, uninformed workers can harm a secure network by responding to phishing emails, visiting web pages infected with a malware program or storing their confidential information in an insecure storage location.
To prevent staff-related incidents, organizations must implement a viable security training program. The ideal program should incorporate the following training exercises:
1. Clean Desk Policy
Sensitive information on a desk such as sticky notes, papers and printouts can easily be taken by thieving hands and seen by prying eyes. According to the mandates of a clean desk policy, the only papers that should be left out are ones relevant to the current project you are working on. All sensitive and confidential information should be removed from the desk at the end of each working day. During lunch or any emergency departure during office time, all critical information should be placed in a locked desk drawer.
2. Bring-Your-Own-Device (BYOD) Policy
BYOD covers the employees’ personal computing possessions which might be used in a work setting. They may include mobile devices, audio players, digital cameras and various other portable electronic devices which could be utilized to steal sensitive data.
BYODs are also a part of “IT consumerization,” whereby a consumer’s hardware and/or software is brought into the organization. Ensuring the security of devices within BYOD is a daunting task. However, enterprises can achieve it by implementing a proactive security training program. This program should include the following best practices for your employees:
- From a security standpoint, each mobile device is not (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Bo562Yssu5M/