Information Security Awareness – Get started

Video Transcription: Information Security Awareness

The purpose of security awareness training is to make all employees aware of information security policies, help us deal with problems when they arise, and to meet our compliance training requirements. We can have all the systems and technical controls in the world, but if we as human beings fail to follow our policies and security practices, then the whole system breaks down.

So first, what’s the risk? What’s the big deal? Well, there’s a monetary risk. Your company could be fined if you’re not found compliant with the laws in place. There’s also a legal risk if an employee violates the law – knowingly or unknowingly. And that risk extends to both the company and the individual.

Most importantly, though, there’s a risk of damaging the company’s reputation. You’ve seen it plenty of times where very big companies end up in the news due to data breaches. And you don’t want that to happen.

There are a number of technology-related reasons for data breaches, such as new viruses or malware. But the overwhelming number of data breaches are caused by human error and carelessness. A sensitive document is left out in the open. A computer is left unattended for a few minutes without password protection. Sensitive information is sent over unencrypted email without a password.

Another cause of breach is social engineering. Techniques can be as simple as calling a company office, claiming to be from another company location, and asking for protected information. It’s surprising how often this works.

Let’s discuss some specific actions you can take. One, update your anti-virus and anti-malware software. Two, don’t install unapproved software. Three, keep your computer’s operating system current by installing updates when you are notified of them. Four, log off or lock your computer screen when not in use and make sure to use a password-protected screensaver.

Five, physically lock up documents that contain sensitive information when not in use. Six, adopt a clear screen, clear desk approach to your work. Seven, never write your passwords down. A password written on the sticky note on your monitor is the same as not having a password at all. And eight, never open email attachments that come from people you don’t know.

The key is to make security a habit and to report suspicious or potential security issues to your local information security officer. Work on making security a habit and help protect all of your company’s data, resources, and reputation.

That’s all for this video. Thanks for watching.