October is National Cyber Security Awareness month, so we’re bringing you cyber awareness tips and tactics as we always do!
If your organization isn’t focused on cyber awareness yet, consider emphasizing this topic during National Cyber Security Awareness month: information handling procedures.
All employees that handle important or sensitive information (company, client, or employee) should be refreshed on how to store, share, and send that data.
Unclear on whether sending certain info through a particular means is OK? ASK! Employees should seek guidance from their department heads, and department heads should seek guidance from the information security office.
As a department head or supervisor, help employees be successful when handling sensitive information by doing the following.
Establish an information chart that provides examples of types of information and their level of sensitivity (EX. public, private, restricted).
- Post the chart EVERYWHERE in the work space
- Train employees on how to use the chart
The chart should follow the information classification types set forth by the information security office. We really like the one put out by Harvard Information Security.
Label various computers, media, apps, etc. where information may be stored or shared.
- EX. Telephone is labeled with a ‘No Restricted Information’ sticker
- EX. The cloud storage drive homepage says ‘Public Information Only’
It’s helpful to have this labeling on the medium where information may be used or placed so that there is no question as to whether certain levels of information should be placed there.
Have a team meeting to review information handling procedures.
Get everyone on the same page with a department or team meeting. This is a great time for employees to raise questions and seek clarification.
Keep the lines of communication open.
Even at the department level, the department head may not be aware of the day-to-day operating realities felt by individual employees. Solicit feedback from all levels of the organization. If your security rules make it too difficult to get work done, employees may simply circumvent that rule.
Don’t overlook the importance of information handling procedures in the workplace. National Cyber Security Awareness month is a perfect time to remind employees of such practices.