by Dan Charland | With the continuing onslaught of well publicized computer hacks, it’s surprising the number of excuses as to why businesses haven’t tightened up their security.
“I don’t have time.”
“I won’t get fooled.”
“It won’t happen to me.”
And my favorite: “No hacker wants my data.”
That is exactly what the bad actors are hoping.
Over time, we all get stressed with work deadlines, we get a little lax and we forget to be diligent. Yes, we’ve heard the terrifying statistics that explain how user error is the cause of 80-95% of successful breaches. And, we know that hackers thrive on creating chaos, generating urgency and suggesting dire consequences … all designed to provoke you into action.
But that’s exactly why user security training works. It provides real-world examples of how savvy users were duped and insight into the sophisticated operations and nefarious strategies in play by hackers. It helps keep your guard up.
User Training for Your Team
Regular (at least quarterly) training is a critical component for protecting private information. Basically, you are the gatekeeper of your own security, whether you realize it or not! One wrong click of the mouse could be devastating to the organization or your personal information.
For instance, …
- Remember to trust your instincts. If something doesn’t seem right about an email, reach out directly to the sender to verify that they did, indeed, send the message. Sometimes, an old-school phone call is what it takes to be safe.
- If an email contains a link to a site you visit periodically, don’t click the link. Instead, take the extra minute to manually type the URL into your browser or click on it from your bookmarks.
- If the communication says there’s a time constraint and something bad will happen if you don’t respond immediately, that’s a huge red flag. Confirm any important action via another channel before responding.
- If the offer is for a gift card or other reward and it seems too good to be true, it is! Unfortunately, no one gives things for free such as $50 gift cards.
These are the type of basic tips that are covered in regular training but are not always remembered during a busy day when you may be stressed or trying to manage deadlines. Regular training sessions will keep this information top of mind.
Invariably, when we talk to someone who has been hacked, they say something like: “I know that looked a little strange or I don’t know why I fell for that, I knew better than to click on that.” In some cases, your users just don’t know what to look out for; in other cases, the information your team learned was so long ago, they just didn’t recall the precautions when presented with a potential hack.
Training also covers tips for users such as how to stay safe when connected to public Wi-Fi services, good password hygiene and how to identify spoofed addresses and bad links.
Finally, executive-level participation and engagement is vital; studies show that hackers are more successful with senior executives. What’s more, executive buy-in creates a culture of security that permeates the organization and reinforces the value of your company’s investment of time and talent in user training.
Reach out to Dan Charland at NetCenergy if we can help introduce your organization to our managed-service program eNCompass which includes a robust user-training feature. Learn more about eNCompass here.