16 tips for staff security training to avoid a data breach


Make sure your staff have security training regularly and understand the importance of good cyber security practice. 

Get your staff to:

1.   Change their passwords regularly and never use old passwords         

2.   Never use the same password for different online accounts     

3.   Use Two Factor Authentication (2FA) such as linking an account to a mobile or cell phone

4.   Use strong passwords with a mix of numbers, symbols, upper and lower case letters, and use a password manager or, if they can’t remember them, write them down on paper somewhere safe without obviously referencing what it is used for

5.   Choose security questions and answers that can not be easily guessed by someone else     

6.   Use the latest Threat Intelligence to automatically detect unpatched hardware and software to avoid a Data Breach.

7.   Avoid Phishing Scams by not clicking on suspicious email links or open attachments in emails sent by someone you don't know. If something sounds too good to be true, it probably is, don't click on it! 

8.   Ensure all software, including anti-virus software, is kept current on all computers, servers and devices

9.   Keep backup networks separate from the primary one and store backups in a separate location

10. Implement restricted administrative privilege

11. Develop business continuity and incident response plans

12. Never, under any circumstances, use a public network for financial transactions

13. Use Data Privacy Management Software including Data Discovery, to understand what data you have, what it is used for and whom you share it with.  Then establish how the Data is stored, backed up and secured

14. Use reputable Third Party Risk Management Software to perform Vendor Management

15. Encrypt all data on fixed and mobile assets

16. Never upload data without password protection

Published 18 June 2020

Last Modified 19 February 2021