Trained employee = secure business

Nowadays, no matter how small your business is, technology is present in many daily tasks, so it must be used securely to avoid damaging the management of the business.

Cyber-attacks are the order of the day. They do not discriminate between large and small businesses, but they do take advantage of the most vulnerable ones: those without a corporate culture of cybersecurity and data protection.

Creating a culture of data protection and cybersecurity.

The first and most important step is to train your employees in data protection and cybersecurity, according to the activities performed and the information handled.

Training must be provided at the time of hiring and continue throughout the employee's working life. Technology evolves at great speed, so employees need to keep abreast of the latest developments and know how to react to a cyber-attack.

But like everything else in life, you have to start at the beginning: hiring your employees.

The human factor is the most important one when it comes to safeguarding a business from a cyberattack, because employees themselves can be the open door through which a cybercriminal reaches the company's information. That is why every employee needs to know how things work from the first day on the job.

For data protection training: here

To get free training in Cybersecurity: here

Standards for workers

When hiring, the new employee is given the following documents, and this is where their training in the company's culture of data protection and cybersecurity begins:

Employment contract:

document where the conditions of the activities to be performed, schedules, benefits, salary, etc. are stated.

Confidentiality agreement:

a document in which the new employee undertakes to keep confidential the personal data processed and the corporate information to which he/she has access as a result of his/her work activities, so that he/she may not share it with third parties, unless he/she receives express authorization to do so, and such confidentiality will be maintained even after the employment relationship has ended.

Duty of information and consent:

Your company, as data controller, must inform the employee of how their personal data will be processed (purpose, retention, possible transfers, etc.) and make them aware of their data protection rights. If you wish to process their personal data for purposes other than the employment relationship itself, you will need express consent.

The company has two other obligations to the employee, which it must comply with by law at the time of hiring:

Health surveillance:

Annual medical examination, voluntary for the worker, which is part of the Occupational Risk Prevention Law (LPRL).

Occupational risk prevention training

Once the employee is already part of our team, his or her training in data protection and cybersecurity will continue through the delivery of the following documents:

Security policy:

document specifying the necessary technical, organizational and security measures adopted by your company, according to the data processed, assets available and jobs occupied, in order to ensure the confidentiality, integrity and availability of the information.

It should be updated when there are regulatory changes or changes in your company (people, technologies, etc.).

Asset use manuals:

general information, tax/accounting information, special category data, video surveillance, printers, photocopiers, scanners, etc.

Action protocols:

For backups, for the destruction of documents and devices, in the event of security breaches, processing of special category personal data, teleworking, etc.

Who should prepare these documents?

The above-mentioned documents are to be drafted and updated by the Data Controller (the data protection part) and the Security Committee (the cybersecurity part).

The Data Controller is the company itself. It is usual to hire an Expert Data Protection Consultant, or even to appoint a Data Protection Officer (DPO) if you are legally obliged to do so.

The Security Committee will be made up of representatives from management, the different areas that make up the company and IT personnel or external cybersecurity experts.

Download a free Cybersecurity Master Plan for your company: here

Data protection policies:

Implement a safety culture in your company!!!

At Business Adapter® we help you comply with the European and Spanish data protection regulations (RGPD + LOPD) to which any company or professional is obliged. Contact us by email at info@businessadapter.es, call 96 131 88 04, or leave your message in this form:

Contact us, we will be pleased to help you: https://businessadapter.es/contacto