Computer security training isn’t just a matter of giving employees information. Knowing best practices is important, but it helps only if employees understand that they make a difference.
Talking about “viruses” which “infect” computers gives the wrong message. It suggests that attacks are just something that happens to computers, like catching a cold. The truth is that user errors make the majority of malware attacks possible, and that employees who think about security can avoid most of them.
Let’s start by going over best practices that encourage the proper mindset and promote secure action.
Email is where users make the most security mistakes. Employees need to recognize three things:
It’s not a “virus.” The attachment can’t do anything unless they open it. If they report suspicious mail to an administrator instead, their computers will be much safer.
Clicking on dubious links is another way employees invite attacks. What employees need to recognize here is:
In an ideal, bug-free world, users could access any website without risk. However, browsers do have bugs, so employees need to be cautious about what links they follow.
Weak passwords are a third big area for user error. Certain passwords are at the top of attackers’ guessing lists because they’re the most widely used. These include “password” and “123456.” Criminals who guess them can get into employees’ accounts and grab confidential information or manipulate company data. Employees need to know these things:
Employees who use easily-guessed passwords are effectively leaving the door unlocked. Anyone with malicious intentions will have an easy job of getting into their accounts and doing damage.
Smartphones and tablets are the newest targets for attack. They’re subject to the same kinds of attacks as desktop devices, but people don’t think about them as carefully. In addition to the other risks, they’re easy to lose. Employees need to recognize:
Encrypting their devices and requiring a strong password to unlock them is the best protection. Even so, employees should minimize the amount of sensitive information they store on them.
For each risk, the language needs to be about attacks and intrusions, not “infections.” Employees are responsible for keeping their devices and accounts safe, and what they do makes a huge difference.