I am confident that training is the most vital component to prevent most of our IT security issues. I believe in a holistic approach. Training and communicating with technology users is the most effective way in keeping your network and data safe. For instance, the sign in process. Do all your users have passwords or fingerprint readers, as some new laptops come equipped with to ensure a secure login process? What are the password policies? How often are they being changed and are complexities being met? Password policy is key to instilling a secure culture within the business landscape. It is the bare minimum requirement and should be mandatory. I can’t tell you how many times I have gone into a place of business after a security breach and found that no one in the office was using passwords to login. Another major concern in our society, technologically speaking at least, are viruses or malware that take your files hostage, or better known as CryptoLocker. CryptoLocker is a socially engineered malware, SEM. SEM’s are attacks directed towards users made to deceive them and inherently download and install the malicious software onto a business computer. Installation of this software can cause a myriad of problems such as locked local and network files. With most variants of the Cryptovirus you are looking at considerable time, data, and money loss. This loss can be mitigated by providing the proper training and education to your employees. Showing them how to keep their eyes open for phishing attempts through email and web browsing is as simple as having a protocol or process in place to notify their IT admin or IT liaison. Yes, there are other systems you can put in action to avoid the catastrophe of a Cryptovirus such as Software restriction policies, but with a little training and motivation you can make your technology users more aware and frankly, the first line of defense.
Please feel free to post your questions, comments, and suggestions. You may also email us at firstname.lastname@example.org .