End-users: from Weak Link to Security Enabler

End-users have a rough time when it comes to cybersecurity. Described as “the weakest link” in an organization’s security, end-users are often blamed for dire organizational consequences resulting from their credentials becoming compromised, or from their device becoming infected. Yet, where do policy and direction of leadership end, and actions of end-users begin? What is a reasonable role for your average employee in securing your organization? In this post, as part of our “Security Takes a Village” theme, we explore reasonable expectations for end-users, and what management can do to encourage and enable compliance. We posit that the role of the end-user is highly dependent upon the processes available to them, and how well such processes are communicated.

What should we expect of end-users?

There are certain ‘basics’ that are easy for non-technical employees to understand, adhere to, and give feedback on if there is a problem. These are:

  • Having a password that is in keeping with a policy
  • Not sharing credentials or access to systems
  • Making reasonable use of the devices on which work is done
  • Communicating which external systems, software, or partners are used

These are easily turned into policy, communicated and enforced, if you have a person responsible for them.

Beyond such preventative measures, awareness is required for users to react appropriately to some of the threats they encounter, like malicious websites, phishing emails, or attempts at social engineering. This is traditionally dealt with by conducting awareness training, and assessed by doing tests. Tests can be traditional “school exam” style quizzes, though increasingly organizations are auditing their users by sending benign phishing emails and reporting on the proportion of users who report, ignore, or are duped by them. So, another key role for your staff in securing your business is reporting when suspicious emails or social engineering attempts occur.

Encourage

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by IntelliGO Networks. Read the original post at: https://www.intelligonetworks.com/blog/end-users-secure-your-business