When it comes to security, your end users are often a weak link in your safety regimen. It’s not because they are malicious or careless. It’s because they often don’t know any better, making them vulnerable to social engineering and phishing scams that could lead them to unknowingly give bad guys access to your network.
Training can surely help reduce that risk, but studies have shown that there is a percentage of users who are very likely to click on that phishing link no matter how many times they’ve been told to think twice, or to take a quick glance at the address where the email originated.
Then there are phishing tests, where the company security team deliberately sends out a false email to test whether you fall for it. While these tests can certainly help, if you get an email that appears to be from someone inside your organization (and it’s large enough that you don’t know everyone), it’s pretty easy to just click the link as part of doing your job.
These approaches absolutely should be part of any solid security regimen, but they are not always going to be enough because there are still plenty of people getting through your defenses. You have to think about other ways to educate and inform your users about the dangers that abound.
Arm them with info
What if, instead of cajoling, training, or testing, you armed those users with information, so they would know when whatever they were doing was outside your security guidelines? Two companies recently released new features that could help.
We’ve written about using password management as a way to simplify access to company services by using a single point of access instead of many. Tools like Okta and OneLogin can help you provide a user-friendly way to access all of your client company services in one place.
But these companies recognize that the password itself could be a weak spot in your security, and each recently released new products to help. OneLogin announced a product called Shield that prevents users from reusing passwords, helps stop them from using corporate credentials for personal use, and warns them when they are on a suspicious-looking website that could be used for phishing.
Okta released a product earlier this month called UserInsights. It helps users by giving them a message when there appears to be suspicious activity associated with their login credentials. If there is a good reason for that, like the person just got a new phone, then they can ignore it. Otherwise, they can click a button to report it immediately to the security team, who can investigate the problem.
What these tools do is stop making employees the brunt of the problem and instead take a much more proactive approach, making employees partners in keeping the organization secure.