As we look into 2016 and what trends are going to take place this year in the world of Information Security, there is one thing that we can predict with significant confidence: Employees will remain the biggest threat to your Information Security Program and ultimately the safety of the sensitive data that your organization holds on their network. This is not meant to be negative in any way, rather it is simply a fact of doing business in the 21st century and as we move more and more things to the Internet. We can invent the greatest technology in the world but at the end of the day, there is a person somewhere in the chain of command that has to manage that technology and make sure it is configured correctly. Likewise, there are people in your organization who will be the targets and subjects of phishing and spear phishing attacks which ultimately could compromise the security of your data. None of these are malicious acts by your employees but simply consequences of the way that we do business today. How do we change this? How to we mitigate the threats associated with the human element of Information Security?
I am sure you are familiar with the term Social Engineering, but have you ever considered what this term really means? According to KnowBe4, Social Engineering can be defined as the art of manipulating, influencing, or deceiving you (employee) in order to gain control over your computer system. Social Engineering attempts are considered an art. That, to me, is pretty scary. To me, that indicates that the perpetrators of these types of attacks take pride in their work and use many different strategies or concepts to perfect their work, ultimately tricking an employee into giving up the keys to the kingdom and access to your sensitive, confidential data. How can we prevent or mitigate the chances of these attacks from taking place in your organization? Here are a couple of ideas and places to start:
As a part of the Compass IT Compliance Webinar Series, the topic for January is Social Engineering and looking at the human element of Information Security. This is a free, 30 minute educational webinar that is designed to share information with you so you can protect your data and keep your confidential information safe. Click on the link to register below, here are the details:
What: Social Engineering: Understanding the Human Element in Information Security
When: January 21st at 1:00 PM EST
Duration: 30 Minutes plus a Q&A Session
Where: Online, Register Below
Cost: FREE
Thanks and we can't wait to share some key strategies to help you and your organization mitigate your risk related to your employees!