Page 21 - Cyber Warnings
There are IT professionals to handle the large-scale problems and exploits, but the human
problems cannot be tackled solely by technological measures. Some restrictions such as web
filtering software could be used, but it could undermine the goals of the organization while still
leaving blatant offenses as a risk.
Consider the following as training options to reduce risk:
• A method of evaluation and testing so that managers can know who needs further
  training and to what extent that training is necessary. Teaching the absolute basics to
  someone who knows their way around the internet can be seen as condescending to the
  employee and a waste of time.
• Training on certain technology topics becomes obsolete over time. While some things
  such as password use and device security remain constant, the specifics of which
  security tools to use and new types of scams that pop up require additional periodic
  training.
• Keep an open policy that, if there are any questions regarding cybersecurity or scamming
  topics, there is a designated person who will happily answer them. Encourage erring
  on the side of caution. Don’t penalize people who ask something that seems obvious.
  Dozens of simple questions are worth one that prevents a human-error-related data
  breach.
Training Is Often Inadequate
While the above strategies are great ways to
handle training timelines and objectives, many
companies that already include measures such
as those don’t go far enough with the specifics
of what they teach. For a basic example,
memos go out proclaiming the importance of
verification measures, but those same memos
don’t give examples of what the best passwords
or security question answers may be.
Cybersecurity professionals need to recognize
these gaps and fill in information when needed.
Here are a few areas which are often found sorely lacking:
• Cloud services are commonly used by people, but they are one of the most problematic
  areas for cybersecurity professionals. Misinformed sharing choices often lead to leaked
  files, and managers often assume that people know how to use these services. Proper
  training regarding an organization’s cloud service of choice can lead to increased
  efficiency and precise knowledge of who files go to and stay with once the “share” button
  is pressed.
• Smartphones are effectively small computers that are often underestimated in how
  important they are to a company’s technology infrastructure. Too many important
21 Cyber Warnings E-Magazine – March 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide