User Training … Security’s First Line of Defense

by | Apr 6, 2020 | Security

“Hi Linda, this is Rob in IT. Our CEO demanded we run our regular security checks a few weeks early. I need to test your password strength …”

A frequent misconception about IT security is that it involves complex technology solutions. The reality is that regular employee security training can reduce the likelihood of an intrusion by up to 70%. Training is a critical first step in turning your company’s greatest security liability into your greatest security asset.

Internet usage policies, data handling, labeling policies, security violation reporting, proper password creation and usage, and environmental awareness are just a fraction of security holes that can be filled by training users in proper security hygiene. Basic security training does not mean you inundate your team with an overwhelming flood of information.

Depending on your company’s business sector and internal culture, it should be delivered in a simple manner to all users, while becoming increasingly more specific for smaller groups and departments as needed. Small bites are easier to digest.

All users should adhere to the following basic security best practices:

    • Never write down your password, use a password manager instead
    • Never give your password to anyone, including your IT team
      • Your boss and the IT department should not need your password for access or testing
    • Use multi-factor authentication (MFA) for all systems, not only email
    • Be aware of your environment
      • Do not enter usernames and passwords over unsecured networks (airports & hotels)
      • Do not enter usernames and passwords in view of other people
    • Confirm all attachments with the sender before opening

Unless specifically expecting an attachment, double check, even if the sender’s address is known

  • Never plug unknown devices into your computer
    • Found devices, such as USB drives (thumb drives), may contain viruses from someone with bad security hygiene, or planted purposely by bad actors
  • Report any antivirus or workstation update issues to IT as soon as possible
  • Avoid shared login accounts
  • Report strange information requests or odd behavior
  • Do not follow emailed web links to external sites
    • Redirected or spoofed web links can easily lead to malicious sites

These are just some of the best practices your team should follow to reduce the risk of being hacked by cybercriminals. Our post about ACH phishing has some good tips too.

ZAG is experienced in security training and can assist you in evaluating the best options that meet your business needs. Our mission is to enable your success, which since we all known “defense wins championships,”” starts with security. Contact us now to schedule staff security training.

Related Content