Thou Shalt Educate Your Users


The 10 Commandments of IT Security

IT Security Commandment #7: Thou Shalt Educate Your Users

Few would argue against the value of a good education. It provides those who take advantage of it with many well-known benefits, which do not need to be enumerated here. This leads us to the 7th commandment of IT Security: Thou Shalt Educate Your Users. If you do so, the benefits that flow to you and your organization will be innumerable as well. A well-informed and aware staff is your first major line of defense against any security threat. A staff without knowledge and training is your weakest link.

Developing an IT Security Policy is the First Step

Before embarking on staff cybersecurity training, an organization should take the first strategic step: developing its own Information Technology Security Policy. All staff should be made aware of company-wide policies and be reminded of them annually. That is just a start. Establishing a policy creates rules to ensure that staff members do things as you have directed, helps reduce the chances of data breaches, and, importantly, lists the procedures to follow if there ever is a data breach or leak of key business information. A security policy should include key objectives; the key personnel involved; best practices for antivirus, backups, and data storage/disposal; how personally owned devices can or cannot be used to access company data; staff training; etc.

Implementing Employee Security Training and Testing is the Next Step

With an IT Security Policy in place, a key next step in following this commandment is to put in place a system of training and testing for all personnel to protect company assets of all types. Do not think your business entity is not a target—all organizations are targets, regardless of size. Proper employee security training will cover items like the following:

  • Passwords - Ensuring they are long, complex, kept secure and changed routinely. Password management software is highly recommended.
  • Email - Not allowing staff to use their email password for anything else is key. Also, enforcing Multi-Factor Authentication (MFA) is a smart added step.
  • Phishing - Alerting folks consistently about the risks of phishing attacks through real-life or video training tutorials is paramount for success.
  • Devices - Teaching the team about proper device security, both physical and virtual.
  • Access - Informing staff that remote access to a server should only be through a Virtual Private Network (VPN) using Multi-Factor Authentication (MFA). MFA should be mandatory for access to any company cloud software applications or data.
  • Testing - All of the above and more should be part of a staff training program. But you might not get all the benefits without doing formal as well as surreptitious testing of your staff to see how well they live up to the policies and how much they have learned from the training.

At IT Radix, we have a variety of ways to properly help you train your staff. Reach out to us here and we can help. We want you to never commit the sin of not living up to the 7th Commandment of IT Security.