Data Classification

& Breach Prevention

How to Prevent Data Breaches

Even though most organizations take advantage of security technology designed to identify and mitigate
cyber-attacks, keeping data secure is a shared responsibility for every member of our organization. Here’s
how you can help:

Learn how to spot phishing attacks.

Cybercriminals cast wide nets with generic phishing attempts, knowing that all it takes is one
person to click on a link or download an attachment. You can spot phishing attacks by looking
for common red flags like poor grammar and spelling, threatening or urgent language, and
unrealistic promises of money or prizes. Never assume someone is who they say they are. Treat
all requests for information or money with skepticism.

Respect the access you’ve been granted.

Every member of our organization has been granted certain levels of access to data, networks,
and secured areas. Every member of our organization is required to respect that access by
never allowing anyone to use their credentials and by ensuring secured doors remain locked.

Use situational awareness.

If you happen to work from a remote location, mind your surroundings. Keep an eye out for
shoulder surfers who might try to peek at your screen. Use discretion when talking on the
phone. If you access public WiFi, use a virtual private network, or VPN, which gives you an
encrypted connection and prevents criminal hackers from intercepting your internet traffic and
stealing data.

Never plug in random USB devices.

A seemingly harmless USB flash drive you found in the hallway may be a targeted attack.
Cybercriminals use USB drives and other devices to spread malware by planting them in public
places. All it takes is one curious person to find it and plug it into their computer.

Report all security incidents immediately.

A phishing email, a suspicious package, a secured door left unlocked—anything that might
seem off—must be reported. Failing to report security incidents, big or small, prevents us from
mitigating any potential damages and ensuring the incident doesn’t happen again. If you’re
unsure how to report incidents, please ask.

© 2021 The Security Awareness Company - KnowBe4, Inc. All rights reserved.
Always follow policy.
We have procedures in place for how data gets collected, stored, transferred, and destroyed.
We have policies that regulate what devices may access our networks, which apps may be
installed, how passwords should be created, and so on. Circumventing policies for any reason,
even if it seems minor, could undermine our efforts to maintain the security and privacy of our
employees, clients, and business associates.

Take data protection personally.

Personal data represents the digital DNA of people. When that information is compromised or
inappropriately altered, the damage could lead to a long, painful recovery. This isn’t only about
our organization; in our personal lives, we all trust multiple organizations with our confidential
information, and we expect them to protect it by any means necessary. Use that mindset here
at work, and consider the ramifications of mishandling data or falling for a phishing scam and
other attacks.