Employee Training Tips to Ensure Compliance With Company Security Program
October 17, 2013
Once a company has developed, formalized and implemented Best Practice policies and procedures, it’s important to effectively manage and train employees to ensure compliance.
This is especially true with the protection of non-public personal information (NPI).
Here’s some advice on what management can do to ensure policies and procedures are being followed:
- Provide all employees with the company’s information security policy on an annual basis. Have all employees sign an acknowledgement that they have read and understood the policy and agree to follow it.
- Perform security awareness training to educate employees about the company’s policy and the additional risks posed by fraudulent requests for pieces of information.
- Train employees to identify and manage NPI-related requests for personal, co-worker, customer and transaction information. This is the non-electronic version of phishing.
- Management should observe ongoing business practices, confirm that the policy is being followed in the operation and resolve any exceptions.