And my mom is 93 and I listen to my mother! Training is a critical piece of every business model. No matter your product or service and your not training your staff get out of the game your going to lose…everything!
No matter how good your prevention steps are, breaches are inevitable. But user education plays a big part in minimizing the danger. Make it a key aspect of your prevention strategy. Start by training staff on security policy. Augment this by creating a simple handbook on the basics of security. This should include reminders to never to insert USB drives from outside devices into work machines. It should also review password management, such as not reusing work passwords on other sites or machines.
As it represents one of the biggest dangers, phishing demands its own training and instruction. Let users know that hovering over email addresses and links in messages shows the actual email address or destination URL. Just because it says “Bank of America,” or “IT department” with all the right logos doesn’t mean it’s from that
source. Add further instruction to not open unknown file types, click on links, and open attachments from unknown people or entities. Coach them into a suspicious frame of mind regarding requests to send in their passwords or account details. If for instance, educating a student body in this manner isn’t feasible, put them on a separate network and severely restrict their access to sensitive data.
Security awareness training is strongly recommended. The best programs baseline click rates on phishing emails and harness user education to bring that number down. But again, don’t expect 100% success. Good employee education can reduce phishing success significantly, but it won’t take it down to zero. There is always someone who doesn’t pay attention, is in a hurry that day, or is simply outsmarted by a very clever cybercriminal. Comprehensive data security best practices must also be in force.
Next post find out about…Simulated Phishing & Red Flags…Think Before You Click!
Tina Louise ~ www.cloudplusservices.com ~ 888.871.6584