INNOVATION & TECHNOLOGY
Completing Your Cyber Defense
Cybersecurity end-user awareness training
I’m sitting at my desk checking email and notice I’ve received a message from my favorite coffee shop: “We appreciate you being a loyal customer. To say thank you, click the link below for a $10 gift certificate.” As I eagerly prepare to redeem my reward, I hear that voice in my head saying, “BEWARE!”

The scenario above is played out thousands of times every single day and is referred to as a phishing attack. The attacker is using this scheme to get you to click so that malware or other devious software can be downloaded to your computer. Afterward, all chaos could break out, or the attacker could stay silent and collect valuable data that you would never knowingly provide, such as credit card or bank account login information.

In another phishing example, you receive an email from an executive in your company: “Hey Bob, I need the attached invoice paid immediately. I’m currently on the road, so please take care of this. The company will reimburse you.” Bob, being a good soldier, puts the “invoice payment” on his credit card only to see his manager walk by ten minutes later.

There are numerous other schemes hackers use to get the unjust reward they seek, the majority of which can be handled via a strong cyber defense. If your organization has an IT department with knowledgeable resources, or if your organization contracts with a managed service provider, the reasonable assumption is that they are taking the necessary steps to keep the intruders out. However, caveat emptor, let the buyer beware. My strong recommendation is to have a trusted cybersecurity professional evaluate your internal or external service provider offering so that any gaps or inadequacies can be identified and remedied.

However, a strong cyber defensive posture alone is not enough. Most industry experts agree that a large percentage of cyberattacks start with human error inside the organization. Said in simpler terms, we may have a strong defense but we tend to invite the intruders in. Clicking on links we shouldn’t click on, responding to unusual or inappropriate requests, maintaining weak passwords, unknowingly releasing company confidential information, inadequate wireless access control, inappropriate web browsing and numerous other mishaps become a huge welcome sign to the unlocked doors that intruders are looking for. We often make their jobs easier without even knowing it.

What’s the solution for such an ongoing dilemma? Cybersecurity end-user awareness training.

Training topics and approach

Cybersecurity end-user awareness training focuses on the “end-user” of your organization’s IT Services. This excludes the typical IT professional, with the assumption that the IT resources are well aware of cybersecurity best practices. End-user awareness training focuses on those IT service users that may not be cyber aware and need an ongoing reminder of good cybersecurity hygiene.

meadowlandsmedia.com
September 2020