You just can’t trust people not to make bad decisions…

It's National Cyber Security Awareness Month (NCSAM)!

I’ve said before that the most vulnerable parts of any network are the people using it. Technology is good at following rules consistently, while people, for the most part, are not. I still stand by that notion. You can trust a power supply to supply power; it’s what it’s designed to do.

Technology may not work the way it’s supposed to all of the time, but it’s not like the technology itself has any control over its actions. People on the other hand…

Today’s blog post is different from the usual schedule of Monday and Thursday releases. I’m all for punctuality and consistency but, when the eleventh annual National Cyber Security Awareness Month (NCSAM) starts on a Wednesday, I’m willing to make an exception, get up early, and deviate from my usual schedule.

The theme for this year’s NCSAM is “Our Shared Responsibility”.

You can’t trust your users to do everything right, but in spite of that you can teach them not to trust themselves! Consider that for a moment… In the field of IT security you should trust no one. What if you could teach that notion to your users so they wouldn’t trust their own judgment?

Would your users stop clicking random links which could just as easily lead to “10 cute kitten videos you have to see” as they could to Remote Access Trojans? Unfortunately, the answer is almost certainly no. If we change the question a little and ask: Would your users risk the security of your network and systems less often than they did before? Then the answer is almost certainly yes.

Training your end users in IT security best practices is key! In IT security the only absolute is risk, but that doesn’t mean you give up. You just need to keep building and improving the security of your systems. If you teach your users they will listen, and that provides more of a foundation for you to build upon.

As I explained back in September, there are a lot of ways to teach your users about IT security...

When it comes to educating your users about what is and isn’t an acceptable IT practice, there are a lot of right and wrong ways to connect the dots. Simplistic messages and training sessions can make your users feel ignorant, gullible, or even unintelligent. Instead, the best responses tend to be those which are honest, informative, and relevant. A good way to approach this is by having a brownbag lunch, and discussing IT security issues that have recently received media coverage. People remember large events like when eBay was hacked, so you could work that into a lesson about not recycling passwords across websites. Making your lessons relatable will increase your employees’ retention... - Myself, Sep 22 2014

