Be Aware, Be Secure!
I am sure all of us want our information to be safe and secure. Security awareness, be it in the form of trainings or advisories, is one such way of making people aware of the risks to the things they value the most and how they can protect against those risks. When it comes to security, people will be more aware. Security can’t be guaranteed. The only way to keep systems secure is keeping that system unplugged, turned off, and locked in a room. It isn’t sensible to keep our systems turned off, we have to understand the risks to our systems only then we can prepare ourselves to defend them. Preparation only begins with understanding – that is where awareness comes into picture.
Studies and surveys have repeatedly observed that: The biggest threat to information systems and assets is the “human factor”. By raising security awareness through trainings and educating people who interact with computer networks is the best way to achieve significant and lasting improvement in information security. Employees are the biggest threat to the company network. Security awareness is important as we already have management controls, technical controls and operational controls but most important we need human control.
Information Security works best when you:
Now let me tell you a story where the victim didn’t Stay alert, nor did he think carefully or acted wisely!!
An employee named John worked in a reputed organization. The organization had strong technical controls such firewalls, licensed Anti-Virus etc. in their network and every workstation. One day, John received a call from an unknown contact number regarding issues with his organization’s employee self-help portal. John was easily persuaded and he gave away his credentials without thinking twice, just because he was asked for it. The credentials were misused and John was in trouble. Such kind of social engineering attack is also known as Vishing.
If only John was trained for security awareness and was told about the consequences of such attacks, the incident could have been avoided. There was a firewall and an Antivirus, but when the employee was not aware of cyberattacks, everything became null and void.
Reasons behind why we have security awareness:
- People are the target of the attacks.
- Technology alone is not enough.
- People need to understand.
- The solution is cost effective.
- It is required by standards and regulations.
Common sense and smart thinking can protect information, sometimes even better than technology can. For Example:
- When connecting to a Wi-Fi in public places, always connect to a secure encrypted WIFI hotspot or simply don’t.
- When you are in a crowded place, never discuss sensitive business information.
- When you leave your work desk, always lock your computer screen.
- While participating in social media, never disclose any sensitive business information or personal information.
- While leaving the printer bay, pick up all the printouts immediately after printing. Do not leave it unattended.
- After installation remember to update the security software and set it to scan regularly.
- Turn on the automatic updates on all the software’s installed in your computer particularly the operating system and applications.
- Utilize strong passwords and different passwords for different use.
- Think before you click on links and attachments.
- Download only those apps which are from reputable publishers and read all the permissions requests
- While using social networking sites regularly check your privacy setting.
As you can see you don’t need any technology to protect information all the time. All you need to do is STAY, THINK AND ACT WISELY!