Education is the key to smart security preparation
16th Feb 2014 | 12:00
Affordable and effective security policies
Companies are always under threat from a security point of view. With networks becoming bigger, faster and more complex, security threats and violations are becoming harder to detect and more difficult to stop.
More than ever, user education, predominantly through the use of electronic communications policies, is becoming central to securing company networks and avoiding cyber-attacks.
Network security may have evolved into new realms of complexity, but even in a highly secured network, the end-user is your weakest link.
Trends such as the mobile workforce and BYOD have left companies increasingly vulnerable. If organisations want to leverage BYOD without risking security breaches, they must ensure that users take personal responsibility for how their behaviour can impact a company's network.
Well established rules
A concerted effort to curb employee data compromise should incorporate admin, human resources, IT and top-level management, collaborating to set out clear and well-publicised rules and using training sessions to educate users on the consequences of non-compliance.
By conducting internal IT security policy tests for employees, companies can encourage users to learn about policy violations and their potential impact on the business.
To ensure that security is taken seriously, companies can also register employees for free daily online security tips, such as those from the SANS Institute.
The simple, common-sense measures that employees can take to help keep data secure are often the most effective. They include reporting lost devices immediately, working closely with the company's IT team, refraining from installing apps from unknown sources, not putting off security updates and ensuring they have strong passwords suitable for corporate systems.
Companies must also be cognizant of data theft from within the organisation, often caused by the ease of access to data. As the old saying goes, 'don't give your house key to the burglar'.
Phishing is becoming more common on the Web, so users must be encouraged not to enter personal, financial and security information (such as username, password, bank account number, credit card PIN, etc), or follow rogue links in an email or chat message from an unknown source.
There are steps that a watchful and well-equipped IT department can take to pre-empt data theft, with network data providing valuable insights into employee behaviour. With the help of a reliable security information and event management tool, you can build rules to restrict unauthorised access and be notified about violations.
Security education is part of smart security preparation. Better awareness and preparedness will help avoid many commonplace security lapses. Cyber-security threats are not just the preserve of the enterprise, and SMEs must also be prepared.
Combine smart preparation and user policy with security tools that are affordable and that efficiently serve multiple network and security requirements while accounting for cost savings.
- Don Thomas Jacob, Head Geek at SolarWinds, has worked in a variety of tech roles including tech support engineer, product blogger, product evangelist, and tech marketing lead. His experience and interests lie in network performance monitoring, security analytics, packet inspection solutions, flow-based technologies like NetFlow, sFlow and IPFIX, and technologies such as QoS, NBAR, IPSLA, and Cisco Medianet and MediaTrace.