It doesn’t matter how great the lock is. If someone leaves the front door open, the building won’t be secure.
The same principle is true in cybersecurity. For all of the technical ingenuity that goes into protecting digital assets – the firewalls, the levels of encryption, the access controls – the biggest potential danger to a system is often the behavior of the people using it.
For too many networks, the weakest link in security isn’t the technology; it’s the user.
But, it doesn’t have to be that way. If users are trained in and aware of best cybersecurity practices, they can move from being the weakest links in network security to the strongest assets.
First, a caveat: how aware should users be, and what does user awareness even mean?
When it comes to assigning users responsibility for awareness, there are two ends of the spectrum. On one end are those who claim that users should have no responsibility – that is, secure systems should be designed so that users aren’t capable of compromising them. If user action (clicking on a malicious link in an email, for example) causes a network breach, then the fault is in the design of the system or software.
On the other end are frustrated IT professionals who bemoan every security breach as “user error.” Systems would stay secure if only people used them correctly – and, accordingly, a breach is always the user’s fault.
For our part, we believe the truth is probably somewhere in the middle. It’s true that IT systems should be designed to be as secure as possible, and that means following the principle of least privilege, ensuring software configurations are customized to fit your environment, etc. But, it’s also true that no technical construct can truly safeguard against the many permutations of user error. The average user is not a security guru always on the lookout for potential vulnerabilities, and we can’t expect them to be.
The best path, then, is to design networks to be as secure as possible, while giving users as much awareness of best practice cybersecurity standards as possible, too.
So, user awareness means continued training to understand industry standards and avoid common mistakes.
Many people are simply unaware that cybersecurity threats are a real risk to them. As they see it, a breach is something that happens to big corporations.
One report found that 72% of respondents in the U.S. feel safe from IT security threats. That’s in spite of the fact that more than half of Americans have had personal data compromised within the past year, not to mention that up to 90% of businesses have experienced a hack.
Users are not to blame for this incongruity. It is our duty to educate them on the risk. What common attack vectors are used by hackers? What are the policies around bringing thumb drives from home?
So, make sure that cybersecurity training includes an emphasis on the real, practical risks of unsecured networks. A proper understanding of that risk is the foundation for good practice.
Users don’t need to know the technical intricacies of IT; they don’t need to know what a crypto key does, what content protection system architecture is, or the history of end-to-end encryption.
But they should know the basics of cybersecurity and EDR, both in a general sense and in regard to the software they’ll be using. That includes:
Obviously, that’s not an exhaustive list, but it does exemplify the type of general knowledge that users should have.
It’s difficult to keep up with every patch and update that comes out, even for dedicated IT people. But, at the same time, staying updated is important; existing vulnerabilities represent easy routes for hackers, and, in fact, many of 2017’s biggest hacks capitalized on security flaws that were well known.
Average users, of course, can’t be expected to stay on the cutting edge of cybersecurity news – they have other priorities. But, IT personnel should do their part to notify users of any major vulnerability that could affect the company.
If there is a critical Microsoft update, do your best to let users know. The same goes for other widely used software platforms. Yes, it is the responsibility of IT to manage system updates. But making users aware of the risks helps – it can expedite the update process, and minimize the risk that a user will be affected at home (which can end up compromising a network if you have a BYOD policy).
Users should also be aware of general hacking trends.
This is often a cause of frustration for IT staff. After all, shouldn’t users be aware that it’s best not to click the link in that spammy email? Shouldn’t they understand that clicking suspicious banner ads is an activity best avoided, or that the old, useless apps on their phones represent a security risk and should be removed?
Well, yes – users should be aware of those things. It’s best for them and for IT systems if they have that knowledge.
But that knowledge isn’t innate. Each behavior is learned, and avoiding common hacker techniques will be easier for users if they have an understanding of what factors contribute to the likelihood of a hack.
Finally (and on a similar note), users will have an easier time protecting network security if they recognize and avoid a few common cybersecurity mistakes.
Common cybersecurity mistakes include:
Don’t leave the front door open. Security is important – and that means it’s important to dedicate time to strengthening the locks and the people who use them.
That’s why, at Swift Systems, we focus on both. As a premier managed IT services company in Maryland, we’ve worked with businesses just like yours for almost two decades. Our managed services take the pressure of fighting fires away from your internal IT staff, and can even offer a full, outsourced staff that scales as your needs do.
And that means more time for training users – and more time for strengthening technology, too.
You don’t have to concede that your users will be the weak link in your network. With IT training, educated users can be major IT assets.
For the absolute best in business IT security, contact Swift Systems today – or call 301-682-5100 – to see how we can help your business and your users secure your networks.