End-Users and the Weather

I want to start with an IT Joke:

Q: How is an end-user like the weather?

A: Everybody complains about them but nobody does anything about them.

Simply put, end-users are the biggest hole in most security systems. Security breaches are rarely the result of some elite hacker exploiting a tiny hole the size of a thermal exhaust port on the Death Star. It’s far more likely that an employee clicked on a link in a suspicious email and invited the hacker inside.

Security professionals have known this forever but have rarely done much about it. Plenty of companies have no training program at all. Only slightly better is “herd your users once a year into the break room, keep them awake with coffee and donuts, and give them a ‘death by PowerPoint’ awareness update.” This means users continue to choose bad passwords, install sketchy apps, and sometimes open phishing emails that expose their computers and the whole company’s network to an attack. This last method was the way a recent big attack (WannaCry) got into various systems.

At Netfix, we have begun helping our clients secure the weakest link in their IT security, their users, with an innovative new solution provided by a company called KnowBe4. Using the same social engineering techniques the criminals use, KnowBe4 phishes end-users. When users open emails they shouldn’t and click on links they shouldn’t, the system can direct them to a website warning them of risky behavior and also direct them to training videos. Moreover, the system produces reports of how the various users behaved, allowing the appropriate department (IT or HR most likely) to address the issue.

The reason nobody does anything about the weather is that they can’t. For a long time, many IT professionals have treated end-users the same way. They don’t have to anymore.

If you’re looking to improve your company’s IT security, contact us today for a free consultation.
