The end-user is the weakest link in cyber security
Although a number of technical mitigations and security services can be implemented, end users are the ones who can introduce dangerous malware or bypass the basic security controls of a company’s network through hazardous practices or unintended actions.
Although many organizations are investing time and money in security policies, services and projects, we still see hazardous practices every day, such as:
- List of passwords written on a post-it and stuck to the computer screen
- List of passwords typed into an Excel spreadsheet and stored on a local or shared drive
- Users using the same password for all their applications “in order to avoid forgetting it”
- Transmitting sensitive data and passwords by phone or email without verifying the identity of the recipient
- Storing passwords in the browser cache without any additional security
- Private or family computer connected (or able to connect) to the corporate network (without a BYOD policy)
- Replying to phishing or spam emails
- No working incident response for infected computers
- Employees who are not aware of the Internet policy
Security chart and security awareness training in Belgium
Many employees are familiar with Web 2.0 technologies. Do you have policies covering the use of all those SaaS and cloud services?
- Is it allowed to use Dropbox or Google Drive to store my working folders so that I can finish an urgent task at home?
- May I use my private computer in the office, on the enterprise network?
- Is it allowed to send business-related files to my colleagues through WhatsApp, Facebook or Skype?
- Is it allowed to check or send messages from my private mailbox at the office?
- Is it allowed to browse my social networks at the office?
- Which applications may be installed on the computer/tablet/smartphone I got from my employer? I have my own license for specific software I used at my previous workplace; is it allowed to install it?
- Who should I contact and what should I do if my computer gets infected with a virus?
In order to spread good user practices inside your organization (such as ISO 27001 standards), we can help you create a security program to educate your users about cyber security and explain the rules and potential threats to them. The program can be organized with posters, messages on your intranet, newsletters, specific trainings, self-learning videos, etc. Each organization has its own needs and objectives.