Insider Threat Management

Coachable Moments: How to Train Employees to Use Outdated Technology Securely

Share with your network!

If your organisation is using old school, outdated technology, chances are there could be an increased risk of an insider threat. Even some everyday keyboard shortcuts could be used to exfiltrate data. Often employees’ use of older technology is so second-nature, they may not even know their behaviour is risky.

Here are some tips on how to train users to avoid the risk of using outdated technology, broken down by technology type.


USBs are one of the top culprits for data loss in organisations, even though the technology became popular in the early 2000s with the advent of USB 2.0. An additional risk for organisations is that hackers often exploit the functionality of USB drives to spread malware to unsuspecting users.

If you find that many employees continue to use USB drives as a primary storage method, it may be time to enact a policy change that bans or limits their use altogether. If that type of restriction is not possible, encourage your employees to take advantage of more secure cloud storage alternatives. Most cloud storage accounts offer users multi-factor authentication as a security protection, while some provide zero-knowledge encryption for particularly sensitive files.

Another option is to store files locally and use a VPN when trying to access these files remotely. Encourage employees to encrypt files on their devices by doing the following:

  • For Mac Users: Employees can encrypt their entire hard drive using the FileVault feature from System Preferences > Security & Privacy > FileVault.
  • For PC Users: Some PCs encrypt files by default. Employees can check their machines by going to Settings > System > About and scrolling down to “Device Encryption.” If their PCs do not have built-in encryption, Windows offers a feature called BitLocker, which can be accessed from Control Panel > System and Security > Manage BitLocker.

Removable Media (Including CDs and DVDs)

USBs are only one type of removable media. Although many of these technologies are slowly fading out, the use of CDs, DVDs, SD cards, and other removable media (even magnetic tape drives!) is still lingering in many organisations.

As with any physical media, proper handling and storage is paramount to ensuring that data leakage doesn’t take place. Removable media has a high likelihood of getting lost or misplaced, which is why providing access to secure cabinets or storage spaces is essential. If you have employees that must regularly use removable media for their job roles, ensure that they have access to a secure storage space.

If possible (and if you do not have one already) enact a removable media policy which limits or prohibits the use of removable media altogether. Combined with the risk of accidental data loss, malicious insider threats still frequently use removable media. Explain why this type of user activity is being limited within your organisation, and point your team members to a more secure storage alternative (see examples above in the USB section).

Keyboard Shortcuts

Some keyboard commands (including Copy/Paste, Cut/Paste, Print Screen, and screenshots) can be indicators of an insider threat, if they occur in conjunction with other suspicious user activity. While it’s impossible (and certainly not a best-practice) to limit the use of keyboard shortcuts, it’s important that employees understand the types of activities that can be considered risky.

For example, copying and pasting data from sensitive documents into an unsecured format is a major no-no and could expose the organisation to unnecessary risk. However, an employee may not even be aware that he or she is making a mistake. When new hires join the team, make sure they know the basics of acceptable data use.

At regular intervals, test your team members’ knowledge of corporate policy by making it fun, and providing rewards for employees that understand the policy best. If you’re deploying user activity monitoring software, send alerts to employees when there’s a potential policy violation to provide in-the-moment coaching. Above all else, it’s important to reinforce that the security team is here to answer questions about policy as they arise.

Old School Coachable Moments?

Which coaching methods do you take to keep knowledge fresh about old-school technology? Tweet at us @Proofpoint. Want more cybersecurity awareness training advice? Check out the rest of our Coachable Moments series here.