
27/1/2019 TestOut LabSim

2.2.2 User Education

Employees are the single greatest threat to network security. They can wreak havoc on systems by unknowingly downloading viruses, accidentally
divulging sensitive information, or storing authentication credentials in plain sight.

The most important thing you can do to protect against the inherent risks that employees pose is to properly educate them on the countless
threats they face.

Employees are the Target


First, employees must understand that in the majority of attacks, they are the primary target. Attackers know that if they can
compromise a single workstation, they can leverage that position to gain access to the entire network, and it's much easier to
trick an uneducated employee than it is to find a vulnerability in a monitored and protected system.

Understanding Attack Strategies


To effectively protect themselves, employees must be aware of the common tactics used by attackers.

One of the most common attacks is a phishing attack, where employees are lured into clicking a link or downloading an attachment from a
seemingly legitimate email. Most often this email will have a call for urgency or seem to come from a person with authority in the organization.

Whatever the attack is, be sure to train your employees to identify the various attacks that will target them. Train them to spot
suspicious emails, instant messages, downloads, attachments, and websites. In addition, be sure to have an effective password policy and clean
desk policy in place, and don't forget to enforce them.

Internal Threats
Employees must also be aware that security threats don't always originate from outside the company. For example, it's possible for a disgruntled
employee to do quite a bit of damage to a network and organization. Because of this, be sure to train users on how to identify suspicious activity
from other employees and how they can report it.

Inside Security Threats


And finally, employees must be aware of the company's security policies and computer usage policies.

These policies should be given to employees during the onboarding process, and employees should know that it's their job to understand these
policies and adhere to them.

Summary
Ensuring that your company's security policies and training are effective is your job. One of the best things you can do as a security professional is
create a culture of security awareness in your organization. You want to educate employees on the common threats they will face and how they
can protect against them.

And while it's impossible to make a system 100 percent secure, you can make your job a lot easier by properly educating the employees in your
organization.

TestOut Corporation All rights reserved.

https://cdn.testout.com/client-v5-1-10-551/startlabsim.html
