
Protect the information that you keep - Employee Training

Your data security plan may look great on paper, but it's only as strong as the employees who implement it. Take time to explain the rules to your staff, and train them to spot security vulnerabilities. Periodic training emphasizes the importance you place on meaningful data security practices. A well-trained workforce is the best defense against identity theft and data breaches.

  • Check references or do background checks before hiring employees who will have access to sensitive data.
  • Ask every new employee to sign an agreement to follow your company's confidentiality and security standards for handling sensitive data. Make sure they understand that abiding by your company's data security plan is an essential part of their duties. Regularly remind employees of your company's policy - and any legal requirement - to keep customer information secure and confidential.
  • Know which employees have access to consumers' sensitive personally identifying information. Pay particular attention to data like Social Security numbers and account numbers. Limit access to personal information to employees with a "need to know."
  • Have a procedure in place for making sure that workers who leave your employ or transfer to another part of the company no longer have access to sensitive information. Terminate their passwords, and collect keys and identification cards as part of the check-out routine.
  • Create a "culture of security" by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. Make sure training includes employees at satellite offices, temporary help, and seasonal workers. If employees don't attend, consider blocking their access to the network.
  • Train employees to recognize security threats. Tell them how to report suspicious activity and publicly reward employees who alert you to vulnerabilities.
  • Consider asking your employees to take the FTC's plain-language, interactive tutorial at www.ftc.gov/infosecurity.
  • Tell employees about your company policies regarding keeping information secure and confidential. Post reminders in areas where sensitive information is used or stored, as well as where employees congregate. Make sure your policies cover employees who telecommute or access sensitive data from home or an offsite location.
  • Warn employees about phone phishing. Train them to be suspicious of unknown callers claiming to need account numbers to process an order or asking for customer or employee contact information. Make it office policy to double-check by contacting the company using a phone number you know is genuine.
  • Require employees to notify you immediately if there is a potential security breach, such as a lost or stolen laptop. Impose disciplinary measures for security policy violations.
  • For computer security tips, tutorials, and quizzes for everyone on your staff, visit www.OnGuardOnline.gov.