How To Prevent Phishing? More Like How To Train Your (Dragon) End-User

The most dangerous threat to your company’s information isn’t as the movies would lead you to believe. The hacker in a warehouse surrounded with monitors, expounding upon government conspiracies isn’t knocking at your door. The biggest threat is in your building right now and is about to click on a link from a malicious email that fell through the cracks of all your safeguards, and its your fault.

We surround ourselves with all the latest and greatest tools to keep our environment safe, but are we training our end-users? Are we informing them of the latest threats? Are we letting them know how we are protecting them? This is how we fail very often, forgetting about the human aspect of information security. Three points to consider about your end-user when training them.

• (KISS) Keep it simple stupid!
• Be consistent
• Be proactive rather than reactive

In training our end-users, there are many tools we can use that are interactive, and simple. In fact, Compass has a series of training programs that are a great starting point for any size company looking to up their end-user awareness.

The consistency of a weekly IT email that gives helpful hits can be a great way to open dialogue. Start with something that catches the eye of someone non-techie, helpful hits with iPhones lets say, then transition to a reminder that hovering your cursor over a link will often reveal the true identity of the link, followed by a quick reminder that doing so can prevent malicious emails from succeeding.

Being proactive can be as simple as implementing a yearly IT Security training for your end-users. Getting a dozen end-users at a time in a conference room for a 15-minute PowerPoint chat can, if done right, make an impact. Ask them questions, show them real life events, and share with them that being proactive does have an impact. We may not work for a company as large as Target, but many of us do work for an organization as small as the HVAC company that lead to the Target breach.

Compass IT Compliance works with organizations of all sizes in all vertical markets to assist them in strengthening their primary asset when it comes to Information Security: Your People. In fact, Social Engineering is one of, if not the primary way, that bad actors gain access to your organization. Contact us today to learn more tips, tricks, and tools you can use to bolster your best line of defense against threats!