It is important that people constantly remain vigilant when it comes to security.
What was adequate last year may not be enough this year.
Even as better firewalls, VPNs, and two-factor authentication initiatives are implemented, one must consider where organizations are most vulnerable to attacks.
Modern security does a great job of securing from outside attacks. However, most intrusions are coming from inside the organization.
How is this done? By gaining access through unsuspecting employees.
Users present the largest threat to security by far. Whether actions are performed maliciously or unintentionally, the result often leads to the same conclusion: risky behaviors pose a genuine threat to the security of your device’s critical or sensitive organizational data.
Phishing poses a threat to organizations as more communications shift online. Without proper training, employees can serve as access points for cyber phishing.
The hardest part of phishing training is building a business culture of openness and awareness. Mistakes happen. When an employee inadvertently responds to a phishing email, it’s smart to educate and correct it. If employees feel shame, they may be reluctant to report errors in the future, denying security teams the chance to contain threats fast. Given the potential consequences of an uncontained threat, phishing training needs to include everyone from the CEO down.
Phishing training should not be limited to email phishing but should also cover voice calls (vishing) and SMS texts (smishing).
Comprehensive training does not have to take a lot of time (less than 2-3 hours per employee per year) but needs to be smart enough to provide additional training to employees who are susceptible to phishing attempts. Training is also not very expensive and should be repeated for new employees.
Speaking of protecting privacy, modern computing environments often support a mix of ownership models, including BYOD. While offering personal devices the same level of privacy protection as company-owned endpoints, management and security must be flexible enough not to overreach, and should instead focus on preserving end-user privacy without compromising security, and vice versa.
For more information, contact MC Services for your security needs, from phishing training to a complete security audit.