Remember, users are often the weakest link in the security chain. It’s important that you are vigilantly educating your users to remedy the risk that they pose to your organization’s security. But other areas of security should not be neglected in the pursuit of user education.
Remember, attackers are people too and they will go for the path of least resistance. If you leave your machines unpatched, they’ll go that route. If you don’t have anti-malware installed, they might go down that path. And if your users are likely to click a link from a phishing email or download a fake patch, attackers will choose that method.
An attack is often no longer a single instantaneous event, but a long process in which the attacker systematically hunts down your systems’ weaknesses. Don’t leave the front door wide open for them, whether that means educating your users, installing antivirus or aggressively patching machines. Make sure your defense is as in-depth and persistent as the attacks threatening it.
Users are a company’s biggest asset and, unfortunately, often its greatest risk. Mitigating the risk posed by users is an ongoing challenge. You can limit their access by restricting admin rights, but you can’t always prevent them from opening corrupted emails. You can force them to routinely change their passwords, but you can’t prevent them from clicking malicious links.
So what can you do to ensure your company stays as secure as possible? Educate your users! Turn them into a security-aware workforce that would no sooner click a malicious link than download a corrupted patch. Read on for tips from Lumension’s Paul Zimski on what you can do to secure your greatest risk area: the users.