You like to get along with people and be helpful. You think other people are generally trustworthy. Normally these are good qualities in a human being, but when it comes to computer security, those habits can let the bad guys run wild in your company’s network. A bit of paranoia is a good thing when you’re using the network. All businesses, not just IT companies, have to worry about breaches.
Forming the right habits
Crooks like to make you act before you think. If you get an email saying there’s a problem with your account and you have to straighten it out right away, it might or might not be legitimate. If you open the attachment that comes with the message, it could deposit spyware on your computer. Someone who claims to be from an IT company and says they need access to your computer could be anybody, if all you have to go on is an email.
You might be aware of the risk, but what’s your first reaction? If you click and then say, “Oh-oh, should I have done that?” it’s too late. You only have to make that mistake once. To keep from slipping up, you need two things: a strong understanding of IT security policies and a set of ingrained habits.
That’s the reason for security training. It may seem like a nuisance, but it’s the surest way to avoid costly mistakes. A report from ISACA finds that organizations that conduct training at least annually and employ multiple methods report the most success in securing their data.
Getting the most out of security training
The Infosec Institute cites many benefits of cyber security awareness training. For the most part it looks at them from the organization’s standpoint, but some of them apply directly to you as an individual user.
The first benefit cited is the development of “a security-focused culture.” This means that not only do you develop the right habits, but your fellow employees are ready to back you up on them. If you’re the only one who sticks to doing the right thing, you can feel like “Mordac, the preventer of information services” in the Dilbert cartoons. If other employees are well-trained and back you up, it’s a lot easier to avoid carelessness. By the same token, you can encourage others when they resist the temptation to take shortcuts.
The second point is “empowering employees.” Being confident about what you’re supposed to do makes your job easier. When you follow the prescribed precautions, you’re helping to keep security incidents from happening. If you don’t know what the policies are for a situation, you might wonder if you’re being overcautious and will be criticized for it. Employees who know what the right course of action is are more confident and less prone to make mistakes.
To get the greatest benefit from security training, you need to build the right reflexes. Being able to answer quiz questions is nice, but the bottom line is how you react when someone tries to make you perform a risky action.
Habits to develop
Once you’ve learned the right habits, you’ll be safer in dealing with many situations.
- Passwords: You’ll create hard-to-guess ones and keep them safe. You won’t share them or use the same password on multiple accounts.
- Email: You’ll be alert for messages that don’t look right. If one asks you to do something you normally wouldn’t do, you’ll ask for confirmation first, using a different channel.
- Web: You’ll be careful about which sites you visit and what kinds of information you share with them.
- Voice and personal communication: It’s not just messages on the computer you have to be careful with. People may ask you in person or over the phone for information you’re not authorized to give. You have to put staying safe over being nice.
- Physical security: You’ll be careful with any portable devices you use, or any that are in public areas. You’ll remember to turn them off or lock them so no one can get at them. You won’t put the password on a sticky note in the device’s case.
You don’t have to be the biggest risk to network security. You can be one of its strongest protectors. It’s all a matter of knowing what to do and what to avoid. We can help your company to develop the network security and compliance that it needs. Contact us to learn how.