Use Technology For Security, But Train Your Employees To Be Your Biggest Defence
Your staff are valuable assets in more ways than one. Often they are the key to stopping malware.
In one of our previous blogs, we examined how a Russian hacking group was able to use simple social engineering to access the personal email accounts of top Democratic Party officials in the hopes of derailing the Clinton campaign.
The interesting thing about social engineering is that it relies on the fact that it can bypass security technology typically positioned to protect against much more complex attacks. This was true of the DNC attack last year, and probably true of your organisation too.
Do more than lock your doors
Having a lock on your front door and windows is a great way to stop burglars entering your home, but there have been many reported incidents of people (mostly vulnerable) being duped into allowing strangers into their home, either to scam them or steal from them. Those less vulnerable or more savvy understand that window and door locks only repel certain types of burglary, and that being vigilant about who comes to your door is important. Being skeptical can often be the best approach and could end up saving you from being taken advantage of.
Luckily, these types of crimes (whilst occurring frequently) tend not to affect many households when one looks at how many houses there are in the UK. But for businesses it’s a different story. Not only is it much easier to commit a crime without having to be there in person, but every business with any form of online activity is at high risk of being hit with a malware, ransomware, social engineering or virus attack at some point, and once they are on your network it’s difficult to predict what happens next. Some malware can trick sandboxing and lie dormant for years.
Using the analogy of household windows and doors, it’s important to have security measures in place from a technology perspective, but that’s only part of the bigger picture. Whilst the security team may be switched on and vigilant, and perhaps the MD and company owners as well, everyday employees who are accustomed to their daily 9am to 5pm tasks may miss or even ignore security threats that bypass conventional technology.
As an IT security organisation, staff at all levels at LAN2LAN are constantly double-checking inbound emails (especially those with attachments) to make sure we avoid becoming the victim of primitive security breaches. It used to be that companies could excuse an attack through employee ignorance, but one need only glance at the news to see that ignorance of cyber-crime is no longer a valid excuse.
Train, train, train
Making sure your staff are skeptical of inbound emails or emails with attachments may seem over the top, but that’s exactly what hacking groups rely on: human inefficiency and doubt. Hackers need organisations to assume emails are safe and rely solely on their technology for protection. It’s more likely that an organisation has implemented security software than trained its staff. That’s the cyber-crime sweet spot.
Most schools hold assemblies and dedicate lessons to teaching children about remaining safe online. Granted, the reasons are different, but adults working for companies holding sensitive information should take a leaf out of the schools’ book and start considering that network security education is an incredibly important system of defence and a proven way of filling the gap where technology falls short or is outsmarted.
LAN2LAN are IT security experts, both in what technology to implement and how to train staff to be vigilant and aware of the cyber threat landscape. We provide network security audits, consultancy, training, penetration testing, and advice to organisations concerned with threat management and security. For over 20 years we have provided solutions to even the most complex security problems, and we always use best-of-breed strategic vendor partnerships to help us deliver exceptional service and technology.
If you have questions about security education, technology, cyber security and how modern threats impact your business, get in touch with us today. Call 0870 787 4001 or email email@example.com