Back to All Resources

Quick Take on Data Security: Phishing and Social Engineering

African American man raises hands in disbelief as looks at computer monitor in negative surprise
Work Wisely Logo

Mini Training Session for Loss Prevention

A Quick Take on Data Security is a script that serve as a short reminder for staff regarding data security best practices. This Quick Take focuses on what phishing and social engineering are, common attacks and methods to identify and avoid them.

Quick Takes on Data Security:

  • Help keep data security in the forefront of employees’ minds.
  • Demonstrate the employer’s commitment to loss prevention.
  • Offers an opportunity for employees to ask questions, discuss data security concerns and develop solutions to specific issues while encouraging communication.

Objectives for Quick Take on Phishing and Social Engineering

Overview: Covers best practices to use on mobile devices to secure data.

Purpose: Covers what phishing and social engineering are, common attacks and methods to identify and avoid them.

Preparation:

  • Read and become familiar with this Quick Take. Change as needed to reflect procedures and personnel in your department.
  • Review current IT practices and recommendations if a suspicious message occurs and revise the Quick Take script and handout to follow those procedures.
  • Consideration should be given to situations where IT may not be available for contact.

Supervisors typically use a Quick Take on Data Security during regularly scheduled or informal meetings.

Some ideas on when to use Quick Takes on Data Security:

  • A short orientation at the start of a shift to discuss the data security concerns and best practices for tasks to be performed that day.
  • A quick refresher during a team meeting or during a department meeting.

To improve the prepared script’s effectiveness, supervisors should modify the content to reflect the needs and situations of their specific workplace. Quick Takes on Data Security are not designed to take the place of regular formal training.

All Quick Takes on Data Security include the following:

  • Training overview and objectives: Includes necessary preparation for the training and handouts that could be used to supplement the message.
  • The script: Even if no preparation is required, instructors should read the script prior to the training and make changes to adapt the training to the specific audience and location. Occasionally bracketed areas indicate where the instructor can include additional information specific to the organization or the team’s work.
  • Discussion questions/further activities: Discussion questions are designed to encourage further conversation about the topic but can be omitted in the interest of time. There may be ideas for further activities.
  • Session Planning and Review: This section details resources for additional information and offers an opportunity for the instructor to evaluate the Quick Take session, making notes about how to improve the session in the future. Instructors should review this page prior to conducting the training in the future to make improvements.
  • Attendance Record: This tracks those present during the training and can serve as a record. It can also be helpful when deciding when to train on the topic again.

Employee Handout, The Quick Review of Data Security serves as a reminder to employees about the best practices covered during the training session. This can also be modified to include information specific to the organization or the team.

Topics