User Training... Security's First Line of Defense

"Hi Linda, this is Rob in IT. We are troubleshooting an issue on the back-end. I need your password to test functionality."

  • 60% of small to medium businesses are out of business within 6 months of a cyber-attack

  • 52% of data security breaches are caused by human error

Regularly occurring employee security training is a key first step in turning your company's greatest security liability into the greatest security asset.

Internet usage policies, data handling, labeling policies, security violation reporting, proper password creation and usage, and environmental awareness are just a fraction of the areas where security holes can be filled by training users in proper security hygiene.

Basic security training does not need to be presented as an overwhelming flood of information. Depending on your company’s business sector and internal culture, it should start as small as possible and be delivered in a simple manner to all users, while becoming more specific for smaller groups and departments as needed. Small bites are easier to digest.

A baseline for all users should include a few basic steps:

  • Never write down your password

  • Never give your password to anyone, including IT

    o   Your boss and the IT department should not need your password for access or testing

  • Utilize Multi-Factor Authentication (MFA)

  • Be aware of your environment

    o   Do not enter usernames and passwords over unsecured networks (airports & hotels)

    o   Do not enter usernames and passwords in view of other people

  • Confirm all attachments with the sender before opening

    o   Unless specifically expecting an attachment, double check, even if the sender’s address is known

  • Never plug unknown devices into your computer

    o   Found devices, such as USB drives (thumb drives), may contain viruses from someone with bad security hygiene, or may have been planted purposely by bad actors

  • Report any antivirus or workstation update issues to IT as soon as possible

  • Avoid shared login accounts

  • Report strange information requests or odd behavior

  • Do not follow emailed web links to external sites

    o   Redirected or spoofed web links can easily lead to malicious sites

ZAG is experienced in security training and can assist you in evaluating the best options that meet your business needs. Our mission is to “enable our clients to succeed”.

Contact us now to schedule staff security training: 408-383-2000