Data Privacy & Security Service Digital Digest_Fall 2017

Data Privacy & Security Service

Issue 9

TRAIN YOUR EMPLOYEES

StaySafeOnline.org provides many useful resources to promote cybersecurity and data privacy. Visit the Train Your Employees section for more information on the excerpt below.

Training employees is a critical element of security. They need to understand the value of protecting customer (student) and colleague information and their role in keeping it safe. They also need a basic grounding in other risks and how to make good judgments online. Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety. Talk to your employees about: keeping a clean machine; following good password practices; "when in doubt, throw it out"; backing up their work; and staying watchful and speaking up.

PDF Resource: 5 Ways to Help Employees be #PrivacyAware

Gone Fishin’ Phishin’

Summertime and the living is easy, or so the song goes, and with that some people have been fishing. Oops, I mean phishing. Here are some recent emails requesting information:

From Patrick Bull (and you can bet it was bull): Your e-mailbox password will soon expire. To keep your password active. Please click…

From Gillian.Molina: Your Microsoft Outlook Web Password will expire today (oh, no!). You are to Click on this link XXXXXXXXX immediately and fill the form correctly (I just love that they want the information filled out correctly) and submit for immediate validation. Please if you cannot access the link, send your Username and Password to our System Administrator at XXXXXXXXXXXX for immediate Validation. This message is from IT Department.

Training your staff on cybersecurity

The experts say that “training is essential” to make sure employees exhibit the security practices that will keep data as well as the organization safe. But did the “experts” really ever deal with employees? Five tips to teach staff security skills that stick are:

1 – Lead by Example – Both good and bad habits start at the top. Remember when you didn’t want your children seeing you do something bad? Well, if you’re the boss, don’t let your employees see you place post-it notes with passwords on your computer. Don’t leave unsecured devices such as jump drives and laptops on your desk overnight. Practice good behavior and it will be mimicked by others.

2 – Send out a Daily Security Tip – Formal policies are mandatory, but how do you know your employees are reading them? Send out a quick tip in a byte-sized message that is user friendly and manageable to remind employees about expected behavior.

3 – Rigorously Enforce Security Policies – Policies are for protection and should be enforced. It is not a matter of distrust. It’s about protection of networks, data and people.

4 – Put Employees to the Test – Remember, this is the article suggesting this, not the DPSS or the Digital Digest. The suggestion is to see if employees follow protocol by putting them to the test. As a simple example, send out a phishing email and see who bites.

5 – Make Security Tools Freely Available – Employees won’t use tools like secure email or SFTP unless they are available and easy to use. Extend this concept beyond technology and include locking file cabinets and paper shredders.

“Make it easy to adopt good security behaviors, and employees will catch on” (¶7).
