
IT and Copier Talk Your Business Can Rely On

The Biggest Security Mistake? It's Probably Not What You Think

Posted by Monique Phalen | Sep 27, 2017 11:52:11 AM

What's the biggest mistake companies make about their security strategy?

Think about it for a second.

I'll wait.

You probably guessed paying too little, not having a strategy, having the wrong technology, or something related to one of those three categories.

Those are good guesses – and they ARE causes of information insecurity for businesses in the United States and around the world.

For the sake of argument, let's say you have a strategy and have paid for the right amount of security infrastructure (network, consulting, staff). That's great.

But.

If you aren't training your users on security best practices, you increase your risk of a data breach.

Heck, even with the best training, users still will make mistakes.

After all, they're only human.

How can you cover all of your network and information security bases?

You probably guessed already: training.

Not taking the time to train employees is a huge mistake companies make. And that's companies of every size in every industry. I'm not talking about training about how to create a password, but regular, ONGOING training that reinforces how important employees are when it comes to network and information security.

I've mentioned before that employees are a network and security risk.

Still, it's worth mentioning again. Many security breaches occur because someone forgot to update the anti-virus software or install a patch, but the other issue that pops up over and over again when it comes to network security is employees.

Insecurity From the Inside

A breach report from IBM reveals that 45% of breaches were from insiders – some malicious, while others were merely clueless.

Constructing a strategy that protects against threats from the outside is essential, but it's only half the battle. You can't ignore the internal, employee side of security.

Here are a few suggestions for training. The most important suggestion is – train everyone in the company about information security!

I wrote about one key training tip last week. You can read about it here: Cybersecurity Training Tip – Why Explain Why.

Don't ignore technology. By now, you should understand the privacy, risk, and security implications of mobile devices. Companies lagged behind in including smartphones in their IT and security policies. Some new technology that will disrupt how we work is being developed right now. Keep your eyes open and don't think your security policy is ever “finished.”

Weed out bad actors from the start. Have HR vet potential employees against federal registries, especially for sensitive or important security positions. There's always a risk of an employee becoming disgruntled while working at your company, but you should do your best to avoid bringing in a bad apple from the beginning.

Review policies. Ensure everyone knows that a policy exists. Make them sign off on the policy and remind them frequently that it exists.

Trust, but verify. Have oversight so that no one person can throw your entire security plan off balance.

Training. Regularly (that means probably more than once/year) bring employees together to review security policy or alert them to the latest hacker tricks – like increasingly sophisticated social engineering phishing attacks.

