This is not to say that you should threaten to fire your users if they don’t follow your information security policies. Rather, many users don’t understand the potentially devastating impact of an attack – both on their organization and on themselves. A data breach can cost the company upwards of several million dollars. Stock prices can take a hit. Stolen IP can result in lost customers and lost opportunities.
In some industries, such as health care, where confidentiality of information is crucial and regulated, lawsuits can be the direct or indirect result of a breach. Companies may even have money stolen directly from their accounts, affecting their ability to invest in their employees. For some, a single data breach may be enough to put them out of business.
Ensure that users understand the potential consequences by sharing data from surveys or news articles on the impact of breaches. If a user believes that it’s a realistic possibility that a malicious link can take down the company – or eliminate the need for their position – they’ll be much less likely to click that link.
Users are a company’s biggest asset and, unfortunately, often its greatest risk. Mitigating the risk posed by users is an ongoing challenge. You can limit their access through admin rights, but you can’t always prevent them from opening corrupted emails. You can force them to routinely change their passwords, but you can’t prevent them from clicking malicious links.
So what can you do to ensure your company stays as secure as possible? Educate your users! Turn them into a security-aware workforce that would no sooner click a malicious link than download a corrupted patch. Read on for tips from Lumension’s Paul Zimski on what you can do to secure your greatest risk area: the users.