My advice to everyone: drink deeply of the elixir that is cybersecurity user education. If my recent experiences are indicative, it’s delicious and nutritious, at least for your contributions to your own cybersecurity and that of your home, workplace, or both.
A Letter Arrives
It said it was from my bank. The bank at which the mortgage to my home resides. It said my bank needed confirmation of a recent homeowner’s insurance policy renewal. It had my name, address, and correct mortgage account number on it. So far, so good.
But when I looked more closely at the letter, something bothered me: the bank’s logo. It looked like a pretty low-resolution image. One that some social engineer might have ginned up.
So I went to my bank’s web site. But instead of using the link in the letter, I used the one I usually use to do my banking. And I sent a message to my bank via its web site’s “message center,” asking if this request was legit. And within minutes, my bank got back to me, and confirmed that the request did in fact come from them. So I went to my insurer’s site, downloaded the necessary documentation, and uploaded it to my bank’s site. Problem solved.
How I Got This Way – and How Your Users Can, Too
Why did I even suspect the letter? Because at Ivanti, we not only make and use comprehensive, multi-layered defenses against and remediation for cybersecurity threats, including phishing emails and attempts by social engineers to get authorized users to do unauthorized things. We practice what we preach about the value of user education to cybersecurity efforts.
Our IT department requires both initial and periodic refresher training for everyone in the company. Our IT department also sends out legitimate-looking, fake phishing emails to entice legitimate users to click on bogus web links. And our IT department rewards users who “turn in” suspect emails, from IT and from elsewhere. Everyone who submits such an email and has it verified as suspect by IT gets entered into a monthly raffle, and the winner gets a modest prize, kudos, and recognition. Our IT department also communicates with the business about new and improved cybersecurity measures and policies, frequently, non-intrusively, and collegially.
Your IT team can and should do such things as well. Such measures cost and require relatively little, but can buy IT, your users, and your enterprise much. Engaging with users about cybersecurity in such ways can improve their perception of IT, and encourage users to be more aware and more careful.
And who knows? Maybe one or more of those users will take some of that training home with them, have a positive experience like mine, and share it with others. Which could help them avoid theft of personal or private information, or money, or both. And induce them to be more active participants in your cybersecurity efforts at the workplace you share. (See “Better Cybersecurity: It Starts at Your Inbox” and “Three Things You Can Do Now to Increase User Contributions to Cybersecurity at Your Enterprise.”)
User education about cybersecurity is like chicken soup for a cold. It may not cure what ails you, but it will likely help at least a little. And as almost any grandmother will tell you, it couldn’t hurt. (See “User Education for Cybersecurity: Yes, It’s Worth It.”)
Ivanti: Cybersecurity Technologies to Complement User Education
Ivanti cybersecurity solutions can deliver the protections you need to complement, support, and increase the effectiveness of your user education efforts. We can help you patch your endpoints and servers more quickly and consistently, and rein in the admin rights users and hackers love without disrupting your users or your business. We can help you to defend against malware attacks, and recover quickly from those that succeed. And we can help you to control the devices and applications your users use, to minimize vulnerabilities across your network.
Check out the free trials of our patch management tools. Through September, take advantage of our special offer, and combine some of those tools at discounts of up to 30 percent. Read our other security blog posts for additional recommendations and tips to make your users smarter about cybersecurity. And contact Ivanti, so we can help you back those efforts up with effective solutions.