Hold that line, baby hold that line.
Get up boys and hit ’em one more time.
We may be losing now but we can’t stop trying.
So hold that line, baby hold that line.
(from “Just One Victory,” words and music by Todd Rundgren)
Sometimes, it comes down to whose hands are on the keyboards, and whose eyes are on the screen.
The best, most secure systems can be brought down by careless (or foolish) decisions made by what is traditionally your company’s asset having the least security of all: your employees.
This would be the most secure system ever if we could just keep our employees off of it. You may have never said it. But I’ll bet you’ve thought it.
Network security is tricky. It’s tricky because once you have a handle on the newest, most sophisticated attack, there’s a new one. And it’s expensive. It always has been, and with attacks coming from more sources than ever, it’s likely to get even worse.
But how much would a major breach of your your system cost you? In lost revenue? In downtime? In repair and restoration?
The hard truth is your IT system has to walk a fine line. You have to have a system accessible to employees and fluid enough to run your business, balanced with security requirements that provide the highest measure of safety possible. Most small- to medium-sized businesses do not have time or resources to stay on top of every emerging threat.
That’s where an informed and educated employee workforce can help—not hinder—your efforts. It’s called your human firewall. It’s not another piece of equipment. It’s simply doing everything possible to keep your own workforce from being a weak link in your security protocols. Having a good human firewall relies on three major initiatives your company is responsible for.
Educate your workforce.
Too often, education is viewed as unproductive downtime. In fact, education is crucial to a good human firewall. And it must include every level of the organization—from line-level to the executive suite. Having a security team is not a human firewall. As hard as it is to believe, many users (and perhaps some on your network as you read this) do not understand that links from unknown entities can contain viruses, trojan horses and worst that, when clicked, run rampant into your system. Training users not to click links in unexpected emails is one simple piece of education every company can do. Other good hygiene efforts employees can engage in are not using company system to visit unsecure shopping sites, even on break times, deleting emails from trash and spam folders and not even opening mail from unknown senders.
But I thought we had anti-virus software on our laptops? If you’re smart, you have it on every piece of equipment on your network or with access to it. But it’s important for you (and employees) to realize even the most sophisticated anti-virus software can’t protect a business from poor human practices like visiting pirate sites or unsecured social networks. Each employee should be encouraged to, as much as possible, think like a security professional, or at least be cautious enough to think twice before acting.
And your IT departments should not be excluded from education sessions.. The best concert pianists still practice scales. Your IT staff should be aware that, because of research into new products and services, along with having administrative privileges on the network may make them the most vulnerable targets of the entire workforce.
Minimize poor decision-making.
To minimize human error you have to target decision-making. There is now an entire industry built on using systems to gain trust then manipulate users to access areas that appear to be from reputable sources. Known as phishing, it requires a user to participate. The best defense against a phishing scam is to not fall for the scam. However, new technologies, including sophisticated email gateways are also helping to deal with these threats by creating unique safe links in every email hyperlink before it reaches the user’s inbox. Since some employees will invariably click bad links, an added layer of protection is vital to protect users who either accidentally or intentionally fail to follow training and guidance.
Know your new threats.
Finally there’s the issue of emerging threats themselves. The nature of new threats (usually involving phishing, malware or both) is that they change quickly, adapt to the latest security measures efficiently and evolve constantly. As hard as this number may be to believe, tens of thousands of new malware variations appear somewhere on the internet every day. Not month. Not year. Every day! With so many new attacks, you simply cannot rely on what worked yesterday to stay ahead of the game today.
Keeping your antivirus software up-to-date and current is your absolute minimum level of defense. Go a step further and let Carolinas Net Care conduct on-site training with your key employees in all mission critical departments on being aware of current threats, future threats, their sources and how to avoid them. It’s also important to make sure employees at all levels read the communications, take note and alter any behavior that may put your systems in a more vulnerable state. (Click here to learn more about User Training conducted by Carolinas Net Care.)
As with many process protocols companies put in place, the human element in cyber security is often overlooked, resulting in a potential for disaster to any organization. Implementing an effective human firewall is a crucial line of defense. Success depends on educating your workforce, minimizing poor decision-making and knowing your threats.
There are more things you can do. What do you have in place today to build up your human firewall against attack?
ShareJAN
2017
