One of the most interesting aspects of cyber security is the fact that it’s not the technology you have in place that is most critical. It is the humans you have working for your organization. You can have the most robust firewall out there but if you have users that don’t know what to look for, or aren’t aware, all that technology won’t help much. The best firewall is the human firewall.
So how do you build the human firewall? In today’s world, it requires your employees to be constantly vigilant. The best way to enforce that is through regular, consistent employee training. Having a certified ethical hacker who performs regular penetration testing will take you a long way in training your employees. A certified ethical hacker is a professional who knows how to check for weak spots in your network using a variety of penetration testing techniques. Through those tests, he is able to analyze the security of your systems and your employees.
There are many strategies for training your employees. The overall practice is called White Hat Social Engineering. To train employees on what to look for, a certified ethical hacker uses the very same techniques that the bad guys will use, scaring them a little bit. Now, we don’t want them to be so paranoid that it actually affects their productivity. There’s a nice balance you need to establish with your users between basic awareness and productivity.
One primary technique is fake phishing emails. Sending fake phishing emails to all your staff is a great way to get a feel for who your weak links are. True phishing emails are designed to look like they are from real companies, whether it be a LinkedIn request, an EZ Pass notification, or even Amazon. They can look very legitimate, but there are always details that are off. With the regular practice of sending fake phishing emails that point out these details, staff learn what to look for. If staff know the fine details they need to look for, they should be able to sense something “Phishy” in a real phishing email.
Having a resource internally to stay on top of this critical piece of security can be burdensome for companies, and the cost of this security expertise can be substantial. With our Security-as-a-Service offering, we not only stay on top of how your firewall is configured, what antivirus you have, and what filters are in place, but also include White Hat Social Engineering services as a critical piece of your Cyber Security practice. Cyber security policy training, fake phishing emails, and introducing new threats will keep your employees on their toes and create a healthy suspicion of emails. And these are only a few examples of things we do for our cyber security clients on a regular basis.
Mike graduated from Monmouth University with a communications degree. He has been with Domain Computer Services for two years, successfully advising prospective clients on the IT services their businesses need to succeed. He understands the value of Domain’s technology solutions and the necessity of real IT advice. Mike may be contacted at email@example.com.