A Business Technology Place

All I ever needed to know about information security awareness training

This week I completed the annual information security awareness training module. The module is now required for every employee of the company as part of the growing set of compliance controls for information security. Over the past several years the core content of the training has changed little, so I'm thankful the group that produces it gives the modules a fresh look-and-feel each year.

It occurred to me, as I listened to the audio of the training content, that I could summarize information security awareness with three principles I learned as a young child:

  1. Don't talk to strangers

The most prevalent way criminals steal sensitive information is by taking advantage of our good nature. In fancy-speak, the term is social engineering. The most common examples we experience today are email and phone messages asking us to respond or click. Some attempts I receive are comical, but in recent years they have become better disguised. The simplest action is to not respond to any unsolicited communication. If you think the request may be legitimate, contact the person or organization on your terms, through a channel they established and that you already know to be theirs (a number or address from their website or a previous statement), not one supplied in the message itself.

  2. Know your address

I remember as a young child learning my address and phone number. It was part of my identity and something I carried with me at all times. In information security we prove our identity by wearing identification badges and signing in at security checkpoints. ID badges are helpful in large building settings so everyone can distinguish an employee like me from a visitor or contractor. In simplest terms, knowing my address and who lives or works with me increases my chances of staying safe.

  3. Treat others as you want to be treated

Earlier this year I wrote about the data we see and are exposed to at work. In today's information age, the most valuable asset we protect is the information about people held in our systems. This could be employee data or data about other people that our customers share with us. Information security training covers several classifications for such data, including NPI, PII, PHI, and PCI, but the key concept is the same in every case: we must protect this data and hold it in confidence. In simple terms, we should treat others' data as we would want them to treat our own personal data. It is an extension of the Golden Rule to our information-driven society.

Long live moms and kindergarten teachers.

Onward and upward!
