Created by e-skills uk

e-skills UK Guide

Data security training

Why IT security training is important

This Guide is designed to help you protect your data from unauthorised access and inadvertent corruption. To do this you will help people understand the importance of securing business data and what they need to do to help with this important task.

In general, you should consider education and training tasks throughout the implementation phase.  It makes sense to start the education process early on, but you will have to defer some training until you have set up the data security you need.

It is important that you give security training to everyone in your organisation and that your security policy is clearly documented. This education should also be an important part of company induction for new joiners, and the consequences of security abuse should be detailed in the terms and conditions of your employee contracts.

You will need to ensure everyone knows:

  • Why security is important, and what they need to do about it.
  • How to maintain good password discipline.
  • Your policy for storing data away from the office.
  • How to avoid picking up malicious software infections while using the Internet.

How to maintain good password discipline

Everyone in the business will need to understand the importance of password discipline. Specifically:

  • The need to keep passwords private.
  • The need to change default passwords in software and equipment (and document changes securely).
  • No one should ask people for their password; and they have the right to refuse to provide it.
  • Do not write passwords down or include them in Emails.
  • Any software you have provided to store user ids and passwords securely.
  • Methods to come up with memorable passwords.  A good one is to come up with two completely unconnected words connected by a piece of punctuation.  For example: train+envelope.  Now create a mental picture that features the words you chose; for example a train sticking out of an envelope.  You might be surprised how easy this kind of password is to remember.
  • Being vigilant for any failures of password discipline.

You should make sure people know your policy for using business data on equipment that is to be taken out of the office:

  • Which data cannot be taken outside without permission.
  • Which data can be taken outside without issue because it is not sensitive.

  • How to protect other data:
      - Encryption.
      - Keeping an eye on the equipment.
      - Password protection of equipment.

How to avoid picking up malicious software infections while using the Internet

For example:

  • Stick to reputable web sites created by reputable businesses.
  • Do not open Emails that are clearly junk mail.
  • Do not open links in Emails unless you are sure you can trust the sender to have the expertise not to pass on links to malicious sites.
  • Never respond to junk Emails (even if they have links that claim they will unsubscribe you) since that just encourages more junk.

Security responsibilities for administrators

Computer administrators need to know how to:

  • Implement the security measures you decided on in the planning phase.
  • Update programs if that is not done automatically.
  • Add, change and delete folder-level and file-level access controls (if you need them).
  • Help people use access control facilities (such as encryption) when necessary.

People responsible for administering new joiners and leavers need to know how to:

  • Ensure User ids and passwords are created promptly for new joiners.
  • Arrange induction training on data security and associated policies.
  • Ensure leavers have their access revoked promptly.
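
One way to check that leavers' access really has been revoked is to reconcile the leavers list against an export of user accounts. The script below is an added example, not part of the original guide; the CSV column names and the sample records are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR leavers export and an account listing.
# The column names are assumptions made for this example.
HR_LEAVERS_CSV = """user_id,leave_date
asmith,2024-03-01
bjones,2024-03-15
cpatel,2024-04-30
"""

ACCOUNTS_CSV = """user_id,enabled,last_login
asmith,true,2024-03-10
bjones,false,2024-03-14
cpatel,true,2024-04-02
dlee,true,2024-04-02
"""

def read_rows(text):
    """Parse CSV text into a list of dictionaries keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def overdue_revocations(leavers_csv, accounts_csv, today):
    """Return leavers whose accounts are still enabled after their leave date."""
    accounts = {r["user_id"].strip().lower(): r for r in read_rows(accounts_csv)}
    findings = []
    for row in read_rows(leavers_csv):
        user = row["user_id"].strip().lower()
        left = date.fromisoformat(row["leave_date"])
        acct = accounts.get(user)
        if acct is None or left > today:
            continue  # no account on this system, or the person has not left yet
        if acct["enabled"].strip().lower() == "true":
            last = date.fromisoformat(acct["last_login"])
            findings.append({
                "user_id": user,
                "days_overdue": (today - left).days,
                # A login after the leave date deserves a closer look.
                "used_after_leaving": last > left,
            })
    # Longest-overdue accounts first.
    return sorted(findings, key=lambda f: -f["days_overdue"])

if __name__ == "__main__":
    for finding in overdue_revocations(HR_LEAVERS_CSV, ACCOUNTS_CSV, date(2024, 4, 5)):
        print(finding)
```

Running a check like this on a schedule, against every system that holds its own accounts, catches leavers who were missed in the manual process.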

Updating employee terms and conditions

Consider including words in people’s terms and conditions of employment that make it clear that you expect data security discipline to be observed and that failure to observe those disciplines will be treated as serious misconduct liable to summary dismissal.  That sounds heavy, but you need to ensure that you have the ultimate sanction for people who refuse to take security seriously.

You should also consider making it clear that Internet and Email access for any purpose other than strictly necessary for their job is a privilege that can be revoked at any time; and that you maintain the right to review and intercept Internet and Email use in order to ensure your company’s policies are being observed.  Without these protections in the terms and conditions you might find you have no rights to check.  You should, of course, obtain legal advice for suitable wording.

Free security advice

Whether your business has been affected by crime or you are seeking preventative measures against crime, the Business Crime Reduction Centre (BCRC) is here to assist you. Contact BCRC by:

Calling: 0114 275 1283
e-mailing: info@bcrc-uk.org
Visiting: http://www.bcrc-uk.org

Commercial suppliers

We do not recommend specific products or suppliers; instead we provide you with a representative sample which covers the range of suppliers/products available. You may choose to look at these suppliers or products but this is entirely at your discretion.
