Educate employees on risky behavior
posted on Friday, January 31, 2025 in SHAZAM Blog
Article contributor: Tom Quist / SHAZAMSecure® Client Executive
In any given workplace, it's common to see sticky notes stuck to computer screens or other highly visible locations in an employee's workspace. The notes typically contain reminders or bits of important information the employee needs to remember.
In many work environments, these types of reminders are harmless. However, in a financial institution, they can result in a serious breach of security. When the sticky note contains a customer's name or other identifying information, the employee may be unknowingly enabling a data breach.
Other common examples of employee-oriented risk include an unsecured, financial institution-issued employee computer loaded with customer information; improper disposal of sensitive documents; and accidentally emailing or mailing documents with personal information to the wrong recipient.
Below are a few important steps financial institutions can put into practice in an effort to protect sensitive information and potentially cut down on data breaches:
- Consider your financial institution's most vulnerable points: Performing a security assessment will help identify weaknesses, as well as bring to light any activities (intentional or unintentional) that could potentially lead to a data breach.
- Amp up security and protection for high-risk areas: Implement additional access controls and security measures where needed.
- Educate employees about security best practices: Provide employees with the knowledge, resources and strategies necessary to successfully adhere to security policies and procedures. Keep security top of mind with regularly published reminders of appropriate guidelines to follow.
- Train employees on proper reporting procedures: Be sure employees know and understand what constitutes a data breach, as well as whom to notify and how if they witness a breach or spot a vulnerability that could lead to one.
Making employees the first line of defense is one way financial institutions can help prevent security breaches. With proper training and clear-cut procedures in place, financial institution employees can gain a comprehensive understanding of how even innocent workplace habits can sometimes lead to real problems.
Additionally, SHAZAMSecure® offers a variety of technical and non-technical testing services that can uncover risks you may not be aware you are exposed to and identify what can be done to mitigate them. From penetration tests, vulnerability assessments and social engineering to IT, BSA and ACH exams, our expert team of consultants can help your institution better understand your vulnerabilities, strengthen your defenses and improve your risk profile. To learn more about all the services SHAZAMSecure provides, visit our website or contact Tom Quist.
SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney.