Whether you know it or not, companies spend millions of dollars trying to make their networks safe from attackers. Billions of dollars and a great deal of lost time are the costs companies bear when their systems are breached. The problem is that most companies address only half of the solution: you can pour all the money you have into security appliances and monitoring software, but that is only half the battle. I am not suggesting you cut your IT security budget, but you should look at the problem holistically.
One of the best sources of information about attacks, and one of the easiest ways around your firewall and IDS, is the users themselves. Building a good relationship with your users and explaining the common techniques and the attacks currently going around goes a long way toward keeping your network safe.
I have a very good relationship with the users in my workplace. I keep them informed of phishing attacks, and they let me know when there is an email that doesn't quite seem right. For many techs out there, this relationship may seem easier said than done. It means taking time out of a busy day to look at an email with a user and explaining why it is or isn't an attack. I've done work before where 75% were false alarms, but I smiled, explained in a friendly way why... and told them that if they ever had concerns again to call me.
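Part of that "look at the email with the user and explain why" step can be scripted, so the tech can point at concrete indicators rather than a hunch. The block below is an added example, not code from the original post; it uses only Python's standard email library, assumes the organisation's mail domain is example.com, and runs over two constructed sample messages (one phish, one benign) rather than any real reported email.

```python
"""Triage a user-reported email for common phishing indicators (added example)."""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"  # assumption: the organisation's own mail domain

# Constructed sample of a message a user might forward to IT; not a real email.
SAMPLE_PHISH = b"""From: "IT Helpdesk (example.com)" <helpdesk@example-com.net>
Reply-To: collect@reset.example.org
To: jane.doe@example.com
Subject: URGENT: your mailbox will be locked in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Verify your account now:</p>
<p><a href="http://198.51.100.7/login">https://mail.example.com/owa</a></p>
</body></html>
"""

# Constructed sample of a benign internal message, for comparison.
SAMPLE_LEGIT = b"""From: "Jane Doe" <jane.doe@example.com>
To: it@example.com
Subject: Lunch menu for Friday
Content-Type: text/plain; charset="utf-8"

Hi, the menu is on the intranet: https://intranet.example.com/menu
"""

URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|verify your account|will be locked|suspended)\b",
    re.I,
)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def first_address(msg, header):
    """First mailbox in an address header, or None if the header is absent."""
    hdr = msg[header]
    addresses = getattr(hdr, "addresses", ()) if hdr is not None else ()
    return addresses[0] if addresses else None


def triage(raw, internal_domain=INTERNAL_DOMAIN):
    """Return a list of human-readable phishing indicators found in the message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    sender = first_address(msg, "From")
    from_domain = sender.domain.lower() if sender else ""

    # 1. Display name claims the internal domain, but the address is external.
    if sender and internal_domain in sender.display_name.lower() and from_domain != internal_domain:
        findings.append(f"display name mentions {internal_domain} but sender domain is {from_domain}")

    # 2. Replies are routed to a different domain than the apparent sender.
    reply_to = first_address(msg, "Reply-To")
    if reply_to and reply_to.domain.lower() != from_domain:
        findings.append(f"Reply-To domain {reply_to.domain.lower()} differs from From domain {from_domain}")

    # 3. Urgency or account-threat language in the subject or body.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if URGENCY.search(f"{msg['Subject'] or ''} {text}"):
        findings.append("urgency / account-threat language in subject or body")

    # 4. HTML links whose visible text shows one host but whose href goes elsewhere,
    #    and links that point at a raw IP address instead of a hostname.
    for href, label in ANCHOR.findall(text):
        target = host_of(href)
        shown = re.sub(r"<[^>]+>", "", label).strip()
        shown_host = host_of(shown) if "://" in shown else ""
        if shown_host and shown_host != target:
            findings.append(f"link text shows {shown_host} but points to {target}")
        if BARE_IP.match(target):
            findings.append(f"link points to raw IP address {target}")

    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        hits = triage(sample)
        print(f"{name}: {len(hits)} indicator(s)")
        for hit in hits:
            print("  -", hit)
```

The findings are deliberately worded as sentences you can read back to the user ("the link says mail.example.com but actually goes to an IP address"), which is the explanation the paragraph above describes giving in person. A clean result is not proof that a message is safe; it only means none of these particular indicators fired.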
The second thing I recommend is that you take the time to run cyber security awareness training. I'm not talking about a day-long bore-fest explaining everything; just give them an overview and keep it brief. While your passion is keeping their network safe, their passion may be not sitting in meetings.
Another part of this (and something I do) is that every so often (especially around the end-of-year holidays) I send out short emails with tips on how to stay safe when browsing online. This email is quietly dual-purposed: first, if they shop while at work, they stay safe; and second, it lowers the chance that they shop unsafely at home and then bring a virus into the network on a flash drive or in a forwarded email.
I really do find it amazing how little credit is given to phishing campaigns. In 2011 RSA, a major security company, was breached after an employee opened a phishing email. This is a company whose whole business was security, and it fell victim to what attackers already know: no matter how well secured the target, the user is always the weakest link. By giving users the tools to learn and recognize common tactics, and keeping them safe in both their home and work lives, you improve the chance that a user doesn't fall victim to a cyber criminal and put your data in jeopardy.