There has been a lot of news lately regarding security breaches, break-ins and data theft. Some of the more recent incidents have leveraged a combination of weaknesses in technology and/or spear phishing attacks to gain unauthorized access to sensitive data.
When it comes to security, there are two key areas of focus.
Having the right technology, configured properly, is good, but it isn’t enough; you must also train your people.
I could go on (and on, and on), but I’ll make that a topic for a later time.
Even with rigorous security practices, your network isn’t truly secure until your users are trained. Nor is it good enough to train someone once. Training needs to happen regularly and multiple times per user. Training outcomes also need to be tested.
When it comes to security training:
There is a balance between security and usability, especially when working in the Small to Medium Business market. Make your network too secure or too difficult to use and your organization will lose productivity, spend too much on IT support or, worse yet, your users will simply revolt and use their personal equipment to do their work. You’ll also find your users’ complex passwords written down on sticky notes attached to their monitors. Be too relaxed and you risk viruses, ransomware, or data theft or loss. Finding the balance requires an iterative process that combines industry best practices with the business’ goals and user needs.