Security is the most critical aspect today in technology.  Every week we read or hear about a new attack on another bank, or another election machine that has been taken over.  We have to constantly monitor our credit to make sure we haven’t had our identity stolen from the million different ways it can be taken.  The most common attacks are right here in the office.  And what makes it so common?  The lack of user education.  Most people know not to click on spam emails that are asking for personal information so your long lost Uncle can transfer your money before he dies.  But does everyone know not to enter Microsoft account credentials after clicking on a google document link?  Most don’t, enter their creds, and pretty soon that entire company is getting hit with a wave of spam and phishing emails.  What’s even worse, that user probably uses that same password on personal accounts and now those are vulnerable as well.

There was a security team that ran a test on its own company. They took 50 external 5GB flash drives, put a company sticker on them, and started dropping them all over the property.  In the parking lot, cafeteria, hallways, bathrooms, cubicles, etc.  Installed on those drives was a “virus” that checked in as soon as it was plugged into a machine on the network.  90% of those drives checked in!  The rest were either turned in or never found.  Imagine if this was a drive with a virus capable of beginning a DDoS attack, or even a keylogger which can get even more information from the user.  With proper user education they would know never to plug in a flash drive without knowing its contents on a company machine connected to the network.

With all the attacks out there it is impossible to educate users on everything.  But with a little guidance, the back of their minds might think twice before plugging in that flash drive, or maybe they call the Help Desk  (1-952-278-0580) before opening weird links in emails, and maybe even be overly cautious about entering credentials.  We can never be too safe!

Security and End User Education