The Weakest Link in Your Network
It doesn’t matter how great the lock is. If someone leaves the front door open, the building won’t be secure.
The same principle is true in cybersecurity. For all of the technical ingenuity that goes into protecting digital assets – the firewalls, the levels of encryption, the access controls – the biggest potential danger to a system is often the behavior of the people using it.
For too many networks, the weakest link in security isn’t the technology; it’s the user.
But, it doesn’t have to be that way. If users are trained in and aware of best cybersecurity practices, they can move from being the weakest links in network security to the strongest assets.
What User Awareness Means – and Doesn’t Mean
First, a caveat: how aware should users be, and what does user awareness even mean?
When it comes to assigning users responsibility for awareness, there are two ends of the spectrum. On one end are those who claim that users should have no responsibility – that is, secure systems should be designed so that users aren’t capable of compromising them. If user action (clicking on a malicious link in an email, for example) causes a network breach, then the fault is in the design of the system or software.
On the other end are frustrated IT professionals who bemoan every security breach as “user error.” Systems would stay secure if only people used them correctly – and, accordingly, a breach is always the user’s fault.
For our part, we believe the truth is probably somewhere in the middle. It’s true that IT systems should be designed to be as secure as possible, and that means following the principle of least privilege, ensuring software configurations are customized to fit your environment, etc. But, it’s also true that no technical construct can truly safeguard against the many permutations of user error. The average user is not a security guru always on the lookout for potential vulnerabilities, and we can’t expect them to be.
The best path, then, is to design networks to be as secure as possible, while giving users as much awareness of best practice cybersecurity standards as possible, too.
So, user awareness means continued training to understand industry standards and avoid common mistakes.
Here are five things users need to know.
1. Users Should Know the Risks of Poor Cybersecurity
Many people are simply unaware that poor cybersecurity is a real risk to them. To them, a breach is simply something that happens to those big corporations.
One report found that 72% of respondents in the U.S. feel safe from IT security threats. That’s in spite of the fact that more than half of Americans have had personal data compromised within the past year, not to mention that up to 90% of businesses have experienced a hack.
Users are not to blame for this incongruity. It is our duty to educate them on the risk. What common attack vectors are used by hackers? What are the policies around bringing thumb drives from home?
So, make sure that cybersecurity training includes an emphasis on the real, practical risks of unsecured networks. A proper understanding of that risk is the foundation for good practice.
2. Users Should Know the Basics of Cybersecurity Technology
Users don’t need to know the technical intricacies of IT; they don’t need to know what a crypto key does, what content protection system architecture is, or the history of end-to-end encryption.
But, they should know the basics of cybersecurity, both in a general sense and in regard to the software they’ll be using. That includes:
- Knowing what a strong password looks like
- Knowing what a phishing attack looks like
- Understanding the definition of ransomware
- Knowing how to tell if a site is on https
Obviously, that’s not an exhaustive list, but it does exemplify the type of general knowledge that users should have.
3. Users Should Know Any Major, Noted Vulnerabilities
It’s difficult to keep up with every patch and update that comes out, even for dedicated IT people. But, at the same time, staying updated is important; existing vulnerabilities represent easy routes in for hackers, and, in fact, many of 2017’s biggest hacks capitalized on security flaws that were well known.
Average users, of course, can’t be expected to stay on the cutting edge of cybersecurity news – they have other priorities. But, IT personnel should do their part to notify users of any major vulnerability that could affect the company.
If there is a critical Microsoft update, do your best to let users know. The same goes for other widely used software platforms. Yes, it is the responsibility of IT to manage system updates. But making users aware of the risks helps – it can expedite the update process, and minimize the risk that a user will be affected at home (which can end up compromising a network if you have a BYOD policy).
4. Users Should Know General Hacking Trends
Users should also be aware of general hacking trends.
This is often a cause of frustration for IT staff. After all, shouldn’t users be aware that it’s best not to click the link in that spammy email? Shouldn’t they understand that clicking suspicious banner ads is an activity best avoided, or that the old, useless apps on their phones represent a security risk and should be removed?
Well, yes – users should be aware of those things. It’s best for them and for IT systems if they have that knowledge.
But that knowledge isn’t innate. Each behavior is learned, and avoiding common hacker techniques will be easier for users if they have an understanding of what factors contribute to the likelihood of a hack.
5. Users Should Know and Avoid Common Mistakes
Finally (and on a similar note), users will have an easier time protecting network security if they recognize and avoid a few common cybersecurity mistakes.
Common cybersecurity mistakes include:
- Not using a strong password
- Reusing passwords
- Not updating outdated software
- Storing personal data in unprotected areas
- Not backing up data regularly
- Using public networks to transfer private data
- Leaving physical assets unprotected – e.g., leaving the receptionist computer unattended, a USB drive sitting on a desk, or the server room door unlocked
How to Boost Security and Educate Users
Don’t leave the front door open. Security is important – and that means it’s important to dedicate time to strengthening the locks and the people who use them.
That’s why, at Swift Systems, we focus on both. As a premier managed IT services company in Maryland, we’ve worked with businesses just like yours for almost two decades. Our managed services take the pressure of fighting fires away from your internal IT staff, and can even offer a full, outsourced staff that scales as your needs do.
And that means more time for training users – and more time for strengthening technology, too.
You don’t have to concede that your users will be the weak link in your network. With IT training, educated users can be major IT assets.
For the absolute best in business IT security, contact Swift Systems today – or call 301-682-5100 – to see how we can help your business and your users secure your networks.