There was a short article in Silicon Beat that reiterates something I have been recommending for a long time: the weakest point of entry into your computer network is your all-too-human employees. The study found that 31% of cyber attacks start out from “unintended disclosures.” Usually what has happened is that an employee has read and responded to some sort of clever phishing email, and handed over their network user credentials. Another 24% were due to the loss of paper records, which can happen through dumpster-diving, or outright theft from an unlocked car or unattended desk.
The solution to this problem only comes through a thorough training program and an established set of information security policies that define how information is stored, transmitted, and ultimately destroyed. From this beginning, most small businesses can significantly reduce the number and severity of computer security incidents, from simply avoiding the cost of removing malware from infected systems to larger issues such as securing financial, proprietary, and customer information.
This sort of training is available, and may offer a better ROI than investing in a bunch of security hardware devices. Remember, most firewalls will not block a request coming from inside the network perimeter, and in many cases will allow a response to that request, even if it is directed to a cyber-criminal’s command and control server. Training, and regular retraining, is the best way to harden the human perimeter in your company.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com