Technology companies come and go, but Bit by Bit backs its service with 30 years of experience helping businesses achieve their goals with reliable IT solutions and support.
We were established in 1987 as a database application development and networking company, and since then we’ve evolved into a full-service IT firm and leader in delivering powerful and cost-effective technology solutions. Visit our site at www.bitxbit.com.
Monday, October 9, 2017
How Important is User Education to Cyber Security?
User education is more important than
basic network security, because user education stops attacks before they ever
access your network. You can have the best anti-malware software available, but
it won't be able to stop every attack. As malware writers improve their attack
tactics, anti-malware can't keep up.
Anti-malware programs can't protect you
from certain attacks, mainly phishing. Phishing is one of the most common
attack vectors used today, and it has been responsible for major data breaches.
An attacker sends emails to several recipients within the organization. All it
takes is for one of these recipients to access a malicious site, input their
user credentials, and the attacker has access to your network. No amount of
anti-malware procedures can protect from this type of attack except for user
What Happens When Users Don't Recognize Attacks?
Several recent successful attacks have
been from users falling prey to phishing attacks. Even Google had a recent
outbreak of a widespread phishing attack that spread across several education
The attacker created a page that looked
similar to the Google login screen and tricked users into giving them access to
their accounts. Although the attacker never took advantage of account access,
he could have authorized password resets and sold the account information on
the black market.
You could ask yourself how something like
this could be prevented. There is no technology that prevents this type of
attack other than educating your users. The result of a successful attack can
be devastating to your customers and employees, which is why user education is
more important than having anti-malware software on your network.
What Can You Do to Educate Your Users?
It's not easy to educate users, because
what seems like an obvious scam to you might not be so obvious to your users.
They need to understand the red flags, and then apply some common sense from
what they learn. The best way to educate users is to show them example phishing
emails and describe the red flags.
If you have a Gmail account you probably
have several phishing emails in your spam folder. You can use these to show
your users what a phishing email looks like. There are several standard types
like the Google lottery scam or the Nigerian prince scam, but you should show
your users the emails that attempt to phish for private details such as
usernames and passwords.
For instance, one common phishing scam is
using a clone of PayPal. The attacker creates an email that uses the PayPal
logo and tells the user that PayPal requires them to reset their password. If
the user falls for the scam, the attacker has their PayPal username and
password, and he can log in and steal their money. This attack is very similar
to what happens when the attacker focuses on a corporate network, so it's a
good example to show your users.
After you have some phishing emails
collected, you can show users the common red flags, which include:
included in the email message
the mouse over a link shows a domain different than the official PayPal domain
English spelling and grammar
sender's address is from a free email account such as Gmail, Hotmail, or Yahoo
In addition to training users to recognize
red flags, you should also train them to report suspicious emails. The email
administrator can block future attacks from the sender based on the sender
address or the email content. It also lets IT know that someone is attacking
the corporation, and managers can be alerted in case of a spear phishing
attack, which is an attack that targets high-level executives.
Even if it seems like a waste of time,
educating users can have a huge positive effect on your network's security. You
can stop attacks before they become major data breaches. These breaches affect
your corporate brand and customer trust. By educating users, you have a stronger
security system in place.
For help with implementing this or other technology solutions contact:
Robert Blake Bit by Bit Computer Consultants 721 N Fielder Rd. #B Arlington, Texas 76012 Direct 817.505.1257 Mobile 972.365.7010