What Every End User Should Know About Online Security

What your end users dont know about security could hurt your business. Here are some tips that may help

[Excerpted from What Every End User Should Know About Online Security, a new report posted this week on Dark Readings
Endpoint Security Tech Center
.]
Every day, enterprises deploy technologies and policies that are designed to keep end user information safe and to prevent end users from exposing enterpris data to potential attacks from outside the organization. And every day, end users forget, ignore or openly break endpoint security policies and controls to gain access to the data and applications they want to use.
When employees break security policies, its not usually done with any malicious intent; human error is often the cause, as is a failure to appreciate how risky certain actions -- such as circumventing security controls to complete a task more quickly or to help out a colleague who has forgotten his ID card or login credentials -- can be. And while sharing a password or sending a spreadsheet of clients to a personal email account so it can be worked on at home may be done with the best of intentions, such actions undermine IT security policies and put endpoints and enterprise data at risk.
Employees dont adhere to security policies for various reasons, such as these:
* Theyre not aware of them.
* They dont understand the potential consequences of their actions.
* They see such policies as a hindrance to getting their jobs done.
* Security isnt seen as being that important.
These issues need to be tackled head-on to change users approach to protecting their work environment. Security has to be seen as making online life possible, not impossible.
Spending security budgets on new technologies in the hope that they will be the silverbullet solution to failings in user behavior is not the answer. Focusing instead on behavior-based strategies to minimize human error, particularly issues caused by ignorance, will pay far bigger dividends.
According to the U.K. governments Information Security Breaches Survey 2013, theres a clear return on investing in staff security-awareness training: According to the survey, 93% of companies where security policy was poorly understood had staff-related breaches, versus 47% where policy was well understood.
Security policies are often ignored because organizations fail to explain why certain security controls and procedures are necessary. For this reason, many users see these controls and procedures as the equivalent of red tape --pointless obstacles to keep the technocrats in IT happy. If people understand the challenges the business faces when it comes to keeping systems and data secure, theyre far more likely to accept the need for security.
But how do you get peoples attention, make them sit up and think, ask questions and take a genuine interest in IT security?
Shock and awe. Security-awareness training should start with a wakeup call to complacent executives and users. Get their attention by showing them how cybercrime has become a global and sophisticated business. Hit them with some cybercrime stats and the latest scams, and emphasize that each and every one of them (literally) is a target.
To find out more about end user training -- and for a list of some of the key lessons you should teach --
download the free report
.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
What Every End User Should Know About Online Security