The 5 W’s of End-User IT Security
You may have heard the terms “end-user IT security”, “end-user IT security training” or “end-user IT security awareness” without having a firm grasp of what those terms mean or why they matter to your small business.
The following primer explains the Who, What, Where, When, Why and How of End-User IT Security:
Who?
What?
- What tactics hackers deploy to evade security solutions
- What motivates cyber criminals
- What you, your employees and vendors should look for to recognize current and future scams
- What procedures you, your employees and vendors should follow if they are victimized by a cyber criminal
- What ongoing activities can be used to keep employees vigilant in the course of a busy workday
Where?
When?
Why?
- To tout your employees’ training and ongoing vigilance to your customers and vendors as evidence of your commitment to securing their information.
- Cyber criminals bypass your costly security solutions by attacking your employees — more than half of security incidents in small businesses result from employee error or ignorance (52% according to the computer trade association CompTIA).
- More than half of small businesses that lose critical data to hackers file for bankruptcy within a year. If the breach is large enough, it could result in expensive notifications to potentially affected parties and negative publicity.
- Almost all ransomware attacks are launched through social engineering tactics.
- Hackers successfully steal data from small business networks they breach at an alarming rate (82.6% according to a 2015 Verizon study).
- Small businesses represent easy prey because they can’t afford dedicated security specialists. They can also be potential paths to much larger prey (the Target breach in 2013 started with a social engineering attack at a Target HVAC vendor).
How?
- Developing or updating an Acceptable Use Policy for your employees’ and vendors’ use of the network
- An engaging presentation of your Acceptable Use Policy that explains how the policy protects your employees, your company and your customers, with real-life examples of social engineering cons, the motivations of hackers, and steps to follow in the event of a successful attack
- Keeping your employees’ vigilance high with regular email alerts about new attack methods and imminent threats
- Ongoing monitoring to ensure compliance with the Acceptable Use Policy
- Random testing to ensure continued vigilance
Understand that the size of your small business will not make you immune to probing by hackers. They understand that no matter how small, your business might store data that can be re-sold on the black market, used as a path to larger prey you do business with, or be held hostage for a sizeable ransom. And the barrier to entry might only be an ineffective anti-virus solution.
With social engineering attacks by hackers up 10 percent in the past year (Verizon study), you don’t want to have to explain to authorities, your customers, your vendors, your employees, the media and the public that their personal or confidential information might have been compromised because an employee unwittingly opened the door to hackers.
To learn more about how the FlexIT End-User IT Security Program would apply to your small business, contact Eric Magill at 302-537-4198 or ericm@flexitechs.com.