Educating end users to help mitigate security breaches

60 percent of network security breaches are started by internal end users.  Now this is not a bashing session of end users cause I am one of them.  ;). However in our quest to build the best layered security approaches to limit our risks from security breaches we still still see a rise in the frequency of attacks.  One thing that is overlooked many times is the  PIFOKMM.  "Person in front of keyboard mouse and monitor" or the End user.

Our end users are our biggest assets and we need to help protect them from themselves and protect our companies.  So spending all of the money in the world on every technology security solution without proper TRAINING for end users is like ripping up 100 dollar bills and throwing them out your penthouse office window.  Let's teach them how to recognize secure web browsing from unsecure web browsing.  HTTPS and HTTP.  Let's teach them about what Phishing is and how to best recognize a malicious email.  And what about discussing Social Engineering attacks???  What is it and how dangerous is it?  Hacktavists are always social engineering which is learning behavior of end users on what sites they like and what interests them on the Internet to build the correct phishing emails to trick users.  We need to have regular training to help our most important assets, the employees not inadvertently make a major mistake.

I know this post is slightly out of the norm of Sales Strategies but since I live and breathe this stuff all day I am going to write more about this stuff.

Shawn