TIME FOR CYBERSECURITY: 12 STEPS TO IMPROVE YOUR INFORMATION SECURITY PRACTICES
Step 5. Information Security Awareness Training.
Once information security policies are developed, a business entity should communicate them to the entire workforce and then conduct employee training sessions. Regular employee training might cover lessons learned from previous information security incidents, updates on the regulatory framework, and any developments in internal information security policies. All such training should be tailored to the employees’ job responsibilities. Other potential topics covered in the sessions may include security reminders, a summary of the sensitive data inventory held by the company and ways to protect it, information about protection from malicious software, log-in monitoring, password management, emerging issues, and bring your own device (BYOD) policies.
Step 6. Require Contractual Assurances from Third Parties.
If your business entity uses third-party subcontractors, vendors or service providers, and such providers could have access to the personally identifiable information (“PII”) of clients and customers in the process, you should require information security clauses in the contracts with such third parties. Typically, a primary PII collector is ultimately responsible if information is used improperly. Requiring third parties to contractually ensure that they employ minimum information security standards should become one of the conditions of doing business with you.
To read more, see the Intro to 12 Steps blog.
“Step 7” coming soon…