IT security and compliance can seem like buzzwords—and even worse, it can seem that no matter what you do with your computer systems, there’s always one more component that a vendor is trying to sell you. How can you make a reasonable investment today that will reap the greatest rewards in the future? Today, we’ll cover two low-cost ways to dramatically reduce your risk of security breaches.
It’s Not What You Know: It’s What You Don’t Know
Human error has accounted for the majority of security breaches over the past decade, with Infosecurity magazine recently reporting that human error accounted for as many as 90% of breaches and a recent IBM study mentioning up to 95%. Of course, human error could cover a lot of areas, but usually it means that an employee clicked the wrong link, shared credentials, created an easy-to-guess password, or engaged in some other behavior that can allow a hacker into the company’s computer system.
It’s important to provide all employees with cybersecurity training and to reinforce it regularly. You can find Security Awareness Training programs online, both paid and free, or you can bring in experts to work with your employees.
Training Isn’t Enough
The problem with limiting your efforts to training is what’s known as the Dunning-Kruger effect, where people who have limited knowledge overestimate their capabilities. For that reason, technology can help monitor and prevent errors: a variety of software solutions provide what’s known as endpoint behavior monitoring.
Endpoint behavior monitoring software provides protection at every computer in the hands of your employees. Each computer runs a software client (app) that detects malicious links, dangerous downloads, and other problematic behaviors as the user is actually working. The software can warn users, block websites and applications from opening, and screen out phishing emails.
The best types of endpoint behavior monitoring software will also include reporting tools, so you or your IT manager can see what threats are coming into the company. For example, at one time, phishing emails looked just like spam, but today, clever hackers construct emails that look legitimate and are directed personally to individuals. These types of emails may look very relevant to the person’s job, and they often come from one source or arrive at a particular time. Good reporting of these breaches can help identify the source of these types of attacks or offer information that can help your company pre-empt them in the future.
The Right Combination
Network protection is a rapidly developing industry. Although user error seems like a difficult problem to tackle, technology is rapidly closing the gap, helping to prevent users’ slips in judgment. By implementing the right kind of endpoint monitoring along with user education, you’ll find a small investment goes a long way towards protecting your company.