Cybersecurity training for all employees, including data storage pros, is critical — it’s not just for executives, managers, and IT teams. Threat actors’ tactics have become much more sophisticated, particularly with the rise of ransomware, and often attackers target employees. Human error is one of the top causes of data breaches, and part of the reason is that enterprises don’t train their employees thoroughly enough.
Multiple sectors of an enterprise rely on data, and customer data protection is mandated by multiple regulations, like the GDPR. Enterprises face steep fines and loss of reputation if they can’t sufficiently protect their customers’ personal information. Every business is responsible for how it processes and stores data.
Teaching storage personnel — from the executive team member to the newest member of the team — how to handle security procedures and sensitive data is one of the most important responsibilities of any storage team at any enterprise. This guide covers the steps companies can take to inform and prepare their workers for cyber attacks or company vulnerabilities.
How to prepare storage personnel for cyber attacks
The following guidelines will help prepare and strengthen your storage personnel with information they can use to detect and avoid cyber attacks:
- Host multiple mandatory training sessions
- Ensure employees know common attack tactics
- Know your priorities
- Have multiple simulations
- Establish a company-wide RTO and RPO
- Partner with a reliable disaster recovery vendor
- Ensure employees know how to use relevant security tools
Host multiple mandatory training sessions
Have thorough training procedures, so employees know exactly what attack strategies and tactics to look for and, in turn, what compromising behaviors they should avoid.
It may be better to break up the training sessions, so employees don’t become overwhelmed with information. Rather than a full-day security summit, host three or four training sessions over a period of time. Get your storage personnel involved in the training: make it interactive, so they learn by experience rather than just listening passively.
These training sessions should cover:
- Common attacks and what they look like
- Security risks that employees should never take
- Appropriate responses to a cyber attack from each level on the org chart
Note that training sessions should happen regularly throughout the year if your organization is growing quickly. As new employees, from different enterprise and security backgrounds, come into the company, they should be apprised of your security posture as quickly as possible.
Ensure employees know common attack tactics
All storage personnel, including the newest and most junior employees, need to understand the major phishing and breach tactics used by threat actors. They should be able to recognize each of the following:
- Emails: Messages that ask users to click a link and that have not been previously mentioned by company employees. This might look like a link to create a company account that an employee had no prior information about from an IT team member or manager.
- Unsecured networks: Employees should only use company applications on approved networks; if a new Wi-Fi network pops up on the menu of networks, it may be created by a threat actor.
- Password or access requests: Businesses should have methods of safely sharing passwords in place, like a password management system, but always verify that the team member making the request is permitted to access the storage application. Ensure that no one is impersonating the other employee, and beware of insider threats as well, like access requests from unauthorized team members.
Storage personnel should also know the truth about human error and the ways it compromises enterprise security operations. If they’re aware of common mistakes, like password sharing, unsecured networks, and unwiped devices, they’ll be better prepared to act as carefully as possible when handling data-intensive applications and storage systems.
Know your priorities
Although all stored data is a critical IT priority, it’s a good practice to determine your enterprise’s top priorities for protection. Ask your IT leaders and executives the following questions:
- Which systems and software are the most critical for operations?
- What standards do we need to meet, and what is required to do that?
- Which employees are the first line of defense?
Once you identify answers, develop protective plans based on the systems and networks that most need to be secured. For example, if your Kubernetes containers carry applications with customer data and run on a Red Hat platform, determine which security measures you must implement at the platform level and then the container level. This step requires heavy IT and storage team collaboration, since many data-intensive applications aren’t traditional databases or cloud storage solutions.
Document your employees’ responsibilities. They need to know exactly how to respond to an active attack. Ensure that all storage personnel have access to clear and thorough documentation that lists every step they must take when a threat actor is detected. These are examples of documented responsibilities:
- The VP of storage must first contact the executive team when an attack occurs.
- The network security engineer must first lock down all Internet of Things (IoT) devices connected to the company network.
- The cloud storage specialist must first initiate emergency procedures within the main data center.
Have multiple simulations
Cyber attack simulations clearly show employees what an attack looks like. One common type of simulation is a penetration test, in which contracted experts are paid to breach a company network in order to improve security awareness. Employees often don’t know about the test until after it has occurred. Penetration tests are valuable because they examine employee responses to attempted attacks in real time. These tests allow businesses to identify the specific areas where they need to further train employees. Such areas include:
- Sharing passwords through email or Slack
- Clicking links in emails from unconfirmed sources
- Using sensitive company applications on an unsecured network
Penetration testing exposes this behavior in an organization.
Other simulations allow employees to work as hackers, attempting to breach the company network. This exercise also reveals gaps in the company’s security infrastructure, but it allows technical teams to actively uncover weaknesses themselves.
Establish a company-wide RTO and RPO
Having a clearly stated recovery time objective (RTO) and recovery point objective (RPO) for the entire business helps teams like storage and IT create more specific security recovery plans. If a cyber attack does occur, they’ll be better prepared to recover data in the required time frame.
Partner with a reliable disaster recovery vendor
Disaster recovery (DR) procedures are a response to cyber attacks rather than a preventative method, but they’re critical for all storage systems. Security breaches are a form of disaster, and enterprises should be prepared to protect and recover any lost data in the wake of an attack.
Create a disaster recovery plan that details exactly what to do if an attack happens, and ensure that your storage personnel know exactly where to find it and what steps to take. The plan should have clear policies for recovering data, detailing exactly what server or data center the data should be restored to, for example. Ensure that your DR vendor is a reliable partner, so your storage team has confidence in the data recovery procedures set for your enterprise.
Ensure employees know how to use relevant security tools
If your enterprise uses security software, ensure that all employees with access to the solution know how to use it. Not all storage personnel may be permitted to use company security software, but some administrative and security-based roles might, and it’s critical that storage pros know how to navigate the interface and perform any assigned tasks.
Train employees thoroughly until they’re familiar with the security software and know how to perform relevant tasks, like network and application monitoring or, for admins, setting access controls for the rest of the storage team. This type of investment can take months or years, but it’s worthwhile for businesses that plan to use their software for years and want to protect their most important storage assets.