Michael Stewart recently wrote a great series about security awareness for Kensington. The 3-part series outlines the importance of making everyone in the organization a part of the security team, followed by a 2-part look at security concerns and tips (part 2) to consider.
Some of the recommended security basics for your training program include:
- cautions against writing down passwords
- training on a password-management tool (to store site/program-specific, secure passwords under a master password)
- cautions against letting others use your credentials
- locking the computer when not in use (even temporarily)
- building security to prevent unauthorized entry
- malware / social engineering training (tips for email, social networks)
- wireless network security basics (for off-premises laptop / smartphone use)
- keeping work-related discussions private (applies to conversations in person or on phones in public)
- reporting suspicious activity or messages
- shredding paperwork that no longer needs to be retained
I recommend reading the whole series, particularly the last two posts, for many additional tips. Many of the tips, however, can be automated (the behavior banned or observed) with good user access and data management tools.