Data privacy training is critical

Somehow when we think about data security and privacy, we tend to look to technology solutions to minimise risks. And, while technology solutions are certainly part of the privacy equation, there’s another area of risk that must be addressed: people.

Teach the teachers

Staff members, instructors, students, and even parents can all be ‘weak links’ when it comes to protecting sensitive data. Whether through viruses transferred between shared files or email, the sharing of passwords or data theft, the perils of people can’t be overlooked.

But teachers play a crucial role, thanks to the amount of time they spend in the classroom and the on administrative tasks, like grading work, preparing lessons and communicating with parents and faculty. They must, of course, employ good security practices themselves. Then they can, in turn, model those good practisces to their students and emphasise their importance to parents.

IT – a big part to play in data privacy training

That’s where the IT team comes in. IT leaders have an opportunity, even a responsibility, to train technology users about the risks that their actions may represent—whether inadvertent or intentional. But as any teacher will tell you, training must be more than a ‘one and done’ exercise. So, make good use of your colleagues’ teaching expertise and, once you’ve figured out what the content of your training must be, get them to help fine-tune how it’ll be delivered.

Ahead of those conversations, here are some best-practice tips for delivering privacy training designed to stick:

1. Keep it fresh: The cybersecurity threat landscape is always evolving, as new attack vectors are discovered, and new exploits uncovered. This not only requires vigilance on your part, it also requires regular ‘refresher’ training for all users – at least yearly and preferably more frequently.
2. Keep it simple: IT is notorious for jargon and complexity but many of your audience will have little to no understanding of technology, so make sure your lessons and instructions are easily understood and not steeped in data security terminology.
3. Explain the ‘why’: It’s easy to ignore a rule or procedure if you can’t connect it to a larger purpose. You don’t need to get overly technical but explaining why security requires certain practices will help make them ‘stick’.
4. Use examples: Don’t be sensationalistic but use a few simple and preferably local examples of security gone wrong to emphasise that the threats are real. Relate your examples to the ‘why’ behind specific rules or policies.
5. Give feedback: Let your audience know when they’re getting things right and share examples of internal best practices as well as internal breaches as appropriate.
6. Include the parents: Make sure your training includes some communications with the parents, through newsletters, notes and other means. Their behaviour is a big influence on your students, so it pays to help them understand cybersecurity too.

Bonus tip: Get user feedback. It’s helpful to know if your instructions and suggestions are clear, if you’re clearly explaining the ‘why’, if there are suggestions on how to improve and so on. Opening the lines of communication between IT and others can help build relationships that boost compliance.