Users are a company’s biggest asset and, unfortunately, often its greatest risk. Mitigating the risk posed by users is an ongoing challenge. You can limit their access through admin rights, but you can’t always prevent them from opening malicious emails. You can force them to routinely change their passwords, but you can’t prevent them from clicking malicious links.

So what can you do to ensure your company stays as secure as possible? Educate your users! Turn them into a security-aware workforce that would no sooner click a malicious link than download a corrupted patch. Read on for tips from Lumension’s Paul Zimski on what you can do to secure your greatest risk area: the users.

Chances are good that when a new employee starts at your company, you already have a process in place to train them on the systems the company uses: everything from time-entry systems to the phones to the database. Make security training part of that onboarding process, but don’t let it stop there. During orientation, teach new employees how to check whether a link might be malicious, what a corrupted file might look like, how to identify a fake patch they may be asked to download, and then what to do with that information.

Be sure they can identify the most common tactics attackers use to trick users into helping them, and then give them a clear path for remediation if they suspect they’ve been sent a phishing email or are being asked to download a faulty patch. Once the initial orientation is completed, continue to contact users on a regular basis about new threats. Set up a monthly email informing users about new attack methods and current phishing techniques so that they know what to look for, and add real-world context and real-time updates as threats change.