In security, it’s often said that you will have little success within an organization if you do not have buy-in from management. However, there’s a larger group that is often-overlooked though critical to a successful security program. And they impact all aspects of your security posture. That group, of course, is the end users.
There has been a recent development regarding a potent vulnerability. To help you stay ahead of the situation, please read the following to learn what the exploit is capable of and what can be done to protect against the it.
We’ve all heard of (or worse been part of) a company with a super strict security team. If you fall for a phishing campaign, you need to report in person to the security department, where they ridicule or chastise you for your error, make you take remedial phishing training, and complete an online test, or worse, revoke your network credentials for a period. While this may be effective from a security standpoint, it’s detrimental to the overall health of the security program. See, presenting a punitive result from an action that is, to the end users’ perspective, simply trying to get their work done doesn’t foster knowledge or understanding: it’s simply an attempt at conditioning. This often creates a negative response and image for the security department - both from an interpersonal perspective, but also from a business perspective.
As ProCircular’s resident young person without a background in security, I have learned an extraordinary amount of information about the importance of cybersecurity since starting at this company. I now think about how often my generation tends to overlook basic security features on our phones and computers which leaves us open to disastrous consequences in our personal or professional lives.
At this point, everyone has probably heard a speech about how important it is to have a strong password. It is true that a strong password is extremely important in preventing an attacker from guessing or cracking it. However, it does not help against those annoying and ever-present phishing attacks when a user unknowingly hands over their password. And unfortunately, it’s almost inevitable that this will happen. This means that there will always be a question about the security of a password.