Don’t let employee training fall to the side of data security. 
By: David PageSecurity AnalystQSAWhen it comes to data security, many businesses tend to think of things like locks, firewalls, and the latest technology to protect their sensitive data. But they often overlook their biggest vulnerability: employees.Now, I’m not saying employees are bad; they’re just human, and humans make mistakes. Unfortunately, many hackers will take advantage of human error to gain access to your data. You need to spend just as much time and money on your employees as you do on secure technology.Follow for more data security articles like thisMany data breaches happen as a result of a well-meaning employee doing something to make your business vulnerable, whether it’s clicking on a phishing email that downloads malware, giving out sensitive information to someone they shouldn’t, or not being diligent in protecting their passwords. Most of these cases aren’t even intentional or malicious.Why is training important?
A question a business may have is why should employee training matter so much? After all, a business just has to have a firewall and security policies in place and they should be good, right?Wrong.Your security policies are useless if your employees aren’t aware of them. For example, you may have a policy on what to do if you suspect a data breach. But if your employees aren’t trained in what they should do in that situation, they will likely make an error or waste time in reporting it to the right people, potentially causing your business more damage.Another problem is social engineering, which is rapidly becoming a big threat against businesses of all types and sizes. The problem with social engineering is that it targets your employees specifically. If your employees aren’t trained to recognize social engineering tactics, you could be vulnerable to a data breach.Finally, you and your employees should care about data security and maintaining compliance with PCI, HIPAA, and other industry data security standards. You need to instill a sense of urgency in your employees when it comes to data security. Sometimes they’re all that stands between your business and a damaging data breach.Who should be trained in data security?It’s important to train all of your employees on basic data security best-practices.It’s critical that employees with access to sensitive data know how to protect it.
TweetThings like email phishing scams and social engineering can affect anyone in your business from the top executive to the janitor. Make sure all of your employees are briefed on policies involving basic physical and data security.What should employees be trained on?It’s good to make a list of policies employees should be made aware of and be trained on. Some policies may include:technology usepassword managementdata handling proceduresincident response plansdata security best practicessocial engineering techniquesBasically, if you have a policy about security that involves your employees, your employees should know about it. Tips for training employeesHolding yearly meetings doesn’t really do it anymore—your employees need a constant reminder to prioritize data security in their daily activities. They will also absorb more information if they receive training more often. Here are some tips to get your employees ready.
Set monthly training meetings: focus each month on a different aspect of data security, such as passwords, social engineering, email phishing, etcGive frequent reminders: these could be sent out in an email or newsletter that includes tips for employeesTrain employees on new policies ASAP: also, newly hired employees should be trained on policies as quickly as possibleMake training materials easily available: Intranet sites are a great way to provide access to training and policy informationCreate incentives: reward your employees for being proactiveWatch out for your employeesIt’s important to make sure your employees understand how critical their role is in keeping your business’s data secure. Training employees should be a top priority in your overall data security strategy. After all, your employees are the ones standing between your data and the bad guys. Shouldn’t you make sure they know what to do?Need help finding resources for employee training? Talk to us!David Page is a Qualified Security Assessor and has been working at SecurityMetrics for 2 and a half years. He has over 18 years experience in network and system engineering, design, and security. 
What Reciprocity Is and What It Is Not
We’re knee deep in the holiday season, the traditional time of gift giving in many parts of the world. There is also quite a bit of reciprocation that happens during this season. I write that because quite often we give gifts to other people because we know they will be giving us a gift. God forbid we aren’t ready to exchange gifts because most people feel awkward when they receive a gift but don’t have something to give in return. To avoid that feeling have you ever run out to buy a gift or holiday card from someone and quickly stuck it in the mail because they gave you a card or gift first? That’s reciprocity working its magic on you.The principle of influence known as reciprocity defines human behavior that’s been around as long as mankind: we feel obligated to give back to those who first give to us. We’ve been conditioned to give in return because over the course of evolution we learned we are all better off when we help those who’ve helped us first. I’m sure every person reading this understands the principle of reciprocity and my definition only serves to make them think, “I already know that.” What most people don’t really understand is how to engage the principle because all too often I read articles and blog posts from marketers, sales trainers, and others who like to cite Robert Cialdini’s work…but do so incorrectly!I recently read a blog post on getting consumers to say yes using reciprocity and two examples were used:”But 4 get 1 free””Free gift/shipping when purchase for $60 or more”Neither example is an application of the principle of reciprocity. Do you know why?As noted earlier, reciprocity is engaged when you’ve given to someone or done something for another person first. That feeling of indebtedness makes the other person want to “return the favor” so to speak. Neither example used in the article I cited above did anything for the consumer or gave them anything in advance. In each case what they were actually offering was a reward. Rewards are predicated on an, “If you…, I will…” basis. Both of the above examples were actually rewards that could read:“If you buy four you’ll get one more for free.”“If you buy $60 or more in goods your shipping will be free.”Think about it for a moment. You can’t get “one more for free” or “free shipping” unless you do something first. Make no mistake about it; rewards motivate behavior. There are decades of studies to back that up and it’s a fact that rewards are more effective than the threat of punishment. The word “free” is a big motivator too. Dan Ariely brilliantly points that out in a chapter from Predictably Irrational called “The Cost of Zero Cost: We Often Pay Too Much When We Pay Nothing.” All too often we’ll go out of our way to get something free. For example, have you ever purchased extra items on Amazon so you’d spend enough to get free shipping? People spend a lot more money to get “free” stuff! Rewards change behavior but some studies show you can engage people with reciprocity by giving a much smaller gift in lieu of a large reward and get a better result. In workshops I often share a study in which owners of a construction company were either offered a $50 reward for completing a survey or given a $5 check up front in consideration of their time. Only 23% who were offered the $50 reward completed the survey but 52% who received the $5 check up front did so. And the savings was anywhere from 57% to 77% depending on how many ultimately cashed the $5 check. As a business owner, if you knew you could more than double your response rate and save 50%, 60%, 70% or more by going the reciprocity option instead of the traditional reward route, wouldn’t you choose the reciprocity option? Of course you would…and now you will going forward.I don’t point this out to be nit picky or combative. Rather, I point this out because when I teach people about persuasion I tell them, “If you use the principles ethically and correctly you will get more people saying yes to you.” If people think they’re using principles correctly but they’re not, then they won’t see the results they hoped for. That leads to people thinking, “It sounds good when Brian says it, or when Dr. Cialdini writes about it, but it doesn’t’ work in the real world.” It does work but only if you do it the right way.Here’s my final thought – if you want to engage people in a low cost, easy to implement, sure fire way to motivate the behavior you want, save yourself time and money by going the reciprocity route in lieu of using traditional rewards
Brian Ahearn, CMCT® Chief Influence Officer influencePEOPLE Helping You Learn to Hear “Yes”.
Don’t be so Quick to Restock that Shelf
My daughter Abigail’s good friend, Maxie, used to work at a bakery in our hometown of Westerville. One Saturday morning Abigail and I stopped by to say hello and get a sugary treat after having coffee. I noticed Maxie was busy replacing donuts and making sure the pastry trays were completely full. Unfortunately, it was a bad persuasion move on her part.I asked Maxie why she was so quick to restock the trays after a few donuts or pastries were purchased. She said the bakery owner liked the trays to be full and he believed they looked better that way. I told her that approach is actually working against the bakery making more sales. Let me explain.Two principles of influence were potentially at work in the bakery if the situation was handled correctly. The first was consensus – we look to others to see how we should behave in certain situations. The second principle was scarcity – we value things more when they’re rare or diminishing. When people walk into a bakery and see a tray with very few donuts left, consensus kicks in as the first thought is – those must be good donuts because everyone seems to be buying them. Next comes scarcity – with so few donuts left, if I don’t get one soon I might not be able to get one. Both principles become a huge draw do make a purchase!I’m pretty confident the owner of that bakery has many things for employees to do other than constantly restocking the shelves. One big thing would be having them engage customers and sharing what items are “selling like hotcakes.”Have you ever been to a store where you obviously needed help but an employee or employees seem more concerned with stocking the shelves? That’s frustrating. Some of that may be due to their hesitancy to interact with people but I’m sure some of the pressure comes from a manager who feels fully stocked shelves is a high priority for the store. Not smart if you want to sell more goods.Think about where you work. Are there things you have that people actually see? If so, don’t be so quick to “restock the shelves” because doing so reduces the impact of consensus and scarcity. Rather, manage the process so you convey what other people are buying and get your customer to “act now” so they don’t lose an opportunity. If you’re worried about employees standing around, teach them how positively engage customers in such a way that customers enjoy the buying experience and keep coming back.
Brian Ahearn, CMCT® Chief Influence Officer InfluencePEOPLE Helping You Learn to Hear “Yes”.
- 1
- 2
- 3
- 4
- Next Page »