Skip to content

The 5 W’s of End-User IT Security

March 2, 2016

You may have heard the terms “end-user IT security”, “end-user IT security training” or “end-user IT security awareness”, but do not have a firm grasp on what those terms mean or their importance to your small business.

The following primer explains the Who, What, Where, When, Why and How of End-User IT Security:

Who?

End-user IT Security refers to securing the humans in your organization — you, your employees and vendors — by making them aware of the social engineering tactics used by cyber criminals to evade your firewall and anti-virus solutions.

What?

End-User IT Security Awareness training teaches you, your employees and your vendors about your company’s Acceptable Use Policy in the context of the social engineering attacks they face on a daily basis:    
  • What tactics hackers deploy to evade security solutions
  • What motivates cyber criminals
  • What you, your employees and vendors should look for to recognize current and   future scams
  • What procedures you, your employees and vendors should follow if they are victimized by a cyber criminal
  • What ongoing activities can be used to keep employees vigilant in the course of a busy work-day.

Where?

To make this a comfortable learning environment for you and your employees, we present your Acceptable Use Policy at the location of your choosing followed by ongoing monitoring, testing and training through your employees’ computers.

When?

We will make the initial presentation of the Acceptable Use Policy at a convenient date and time for your organization to minimize disruption. Subsequent ongoing efforts will be conducted with minimal disruption to your company, as well.

Why?

  • To tout your employees’ training and ongoing vigilance to your customers and vendors as evidence of your commitment to securing their information.
  • Cyber criminals bypass your costly security solutions by attacking your employees — more than half of security incidents in small businesses result from employee error or ignorance (52% according to the computer trade association CompTIA).
  • More than half of small businesses that lose critical data to hackers file for bankruptcy within a year. If the breach is large enough, it could result in expensive notifications to potentially affected parties and negative publicity.
  • Almost all Ransomware attacks are launched through social engineering tactics.
  • Hackers successfully steal data from small business networks they breach at an alarming rate (82.6% according to a 2015 Verizon study).
  • Small businesses represent easy prey because they can’t afford dedicated security specialists. They can also be potential paths to much larger prey (the Target breach in 2013 started with a social engineering attack at a Target HVAC vendor).

How?

The FlexIT End-User IT Security Program works by:
  • Developing or updating an Acceptable Use Policy for your employees’ and vendors’ use of the network
  • An engaging presentation of your Acceptable Use Policy that explains how the policy protects your employees, your company and your customers, with real-life examples of social engineering cons, the motivations of hackers, and steps to follow in the event of a successful attack
  • Keeping your employees’ vigilance high with regular email alerts about new attack methods and imminent threats
  • Ongoing monitoring to ensure compliance with the Acceptable Use Policy
  • Random testing to ensure continued vigilance

Understand that the size of your small business will not make you immune to probing by hackers. They understand that no matter how small, your business might store data that can be re-sold on the black market, used as a path to larger prey you do business with, or be held hostage for a sizeable ransom. And the barrier to entry might only be an ineffective anti-virus solution.

With a 10 percent increase in the past year in social engineering attacks by hackers (Verizon study), you don’t want to have to explain to authorities, your customers, your vendors, your employees, the media and the public that their personal or confidential information might have been compromised — because an employee unwittingly opened the door to hackers.

To learn more about how the FlexIT End-User IT Security Program would apply to your small business, contact Eric Magill at 302-537-4198 or ericm@flexitechs.com.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: