Training and Education
Security training is crucial to ensuring that all related parties understand the security risks, and accept and adopt good security practices. No protection procedure is effective without proper execution by well-trained staff. You must ensure that your staff possess the necessary skill sets.
Educate and Train Staff
Get a good trainer. You may consider finding an appropriate training institute or training one of your staff to become the trainer.
Different people, roles and posts require different scopes, types and levels of training. Plan for the different training needs of staff.
Consider periodically using posters or issuing reminders to your staff about the importance of information security.
Consider providing training under the following scenarios:
When a new employee joins your team, inform him/her about the security policies of your company through a briefing or orientation.
Work to improve the security knowledge of all staff.
Refresher training should be conducted at least once a year.
Fundamental Information Security Training
The following topics are proposed:
Company information security policies
Fundamental training in protecting your information assets e.g.
when and how to log in to and log out of your system
when and how to change your password
how to call for technical support
how and when to report suspicious activities
Basic security threats such as malware, phishing, technology crime etc.
how to prevent malware infections
How to recognise fraud