For most people, the general perception of locks is security — to keep threats out. However, for a lock to function effectively, it needs to be correctly used. The individual using the lock has to know how to use the key, right?
The same principle is true in cybersecurity. For all of the technical ingenuity that goes into protecting digital assets – the firewalls, the levels of encryption, the access controls – the biggest potential danger to a system is often the behaviour of the people using it.
For too many networks, the weakest link in security isn’t the technology.
It’s the user.
But it doesn’t have to be that way. If users are trained in and aware of best cybersecurity practices, they can move from being the weakest links in network security to the strongest assets, acting as a line of defence for an organization.
What Should You Know About User Awareness?
First, a caveat:
How aware should users be, and what does user awareness even mean?
When it comes to assigning users responsibility for awareness, there are two ends of the spectrum. On one end are those who claim that users should have no responsibility – that is, secure systems should be designed so that users aren’t capable of compromising them. If user action (clicking on a malicious link in an email, for example) causes a network breach, then the fault is in the design of the system or software.
On the other end are frustrated IT professionals who bemoan every security breach as “user error.” Systems would stay secure if only people used them correctly – and, accordingly, a breach is always the user’s fault.
For our part, we believe the truth is probably somewhere in the middle. It’s true that IT systems should be designed to be as secure as possible, and that means following the principle of least privilege, ensuring software configurations are customized to fit your environment, etc. But, it’s also true that no technical construct can truly safeguard against the many permutations of user error. The average user is not a security guru always on the lookout for potential vulnerabilities, and we can’t expect them to be.
The best path, then, is to design networks to be as secure as possible while giving users as much awareness of best practice cybersecurity standards as possible, too.
So, user awareness means continuous training to help individuals understand industry standards and avoid common mistakes.
Here Are Five Things That IT Services for Accounting Professionals Want Users to Know.
- Poor User Awareness Can Lead to Cybersecurity Risks
Many people are simply unaware that cybersecurity is a real risk. They think it’s simply something that happens to those big corporations.
One report found that 72% of respondents in the U.S. feel safe from IT security threats. That’s in spite of the fact that more than half of Americans have had personal data compromised within the past year, not to mention that cybercrime damage costs are predicted to hit $6 trillion annually by 2021.
Users are not to blame for this incongruity. It is our duty to educate them on the risk. What are the common attack vectors used by hackers? What are the policies around users falling for phishing scams or accidentally releasing confidential material?
Make sure that your cybersecurity training includes an emphasis on the real, practical risks of unsecured networks. A proper understanding of that risk is the foundation for good practice.
- Users Must Be Savvy About Cybersecurity Basics
Users don’t need to know the technical intricacies of IT services for accounting. They don’t need to know what threat detection tools do, what content protection system architecture is, or the history of cyber-crime and cybersecurity.
But they should know the basics of cybersecurity, both in a general sense and in regard to the software that they will be using.
That includes:
- Knowing what a strong password looks like
- Knowing how to tell if a site is on https
- Knowing what a phishing attack looks like
- Understanding the definition of ransomware
- Understanding a potential social engineering attack
- Knowing how to properly manage untrusted removable media
Obviously, that’s not an exhaustive list, but it does exemplify the type of general knowledge that users should have.
- Timely Updates Reduce the Risk of Cybersecurity Threats
It’s difficult to keep up with every patch and update that comes out, which is why companies turn to dedicated IT services for accounting professionals. But, at the same time, staying updated is important. Outdated software and systems come with a host of vulnerabilities, since there are no updates and patches to sustain them. They therefore pose security risks that can wreak havoc on your business, given their high susceptibility to cyber-attacks.
Average users, of course, can’t be expected to stay on the cutting edge of cybersecurity news – they have other priorities, like growing and progressing the company brand or connecting and engaging with customers. But IT personnel should do their part to notify users of any major vulnerability that could affect the company.
If there is a critical Microsoft update, do your best to let users know. The same goes for other widely used software platforms. Yes, it is the responsibility of IT to manage system updates. But making users aware of the risks helps – it can expedite the update process and minimize the risk that a user will be affected at home (which can end up compromising a network if you have a BYOD policy).
- Users Should be Vigilant on Hacking Trends
Users should also be aware of general hacking trends.
This is often a cause of frustration for IT staff. After all, shouldn’t users be aware that it’s best not to click the link in that spammy email? Shouldn’t they understand that clicking on spam or phishing links is best avoided, or that the old, useless apps on their phones represent a security risk and should be removed?
Well, yes – users should be aware of those things. It’s best for them and for IT systems if they have that knowledge.
But that knowledge isn’t innate. Each behavior is learned. Avoiding common hacker techniques will be easier for users if they have an understanding of what factors contribute to the likelihood of a hack.
- Cybersecurity Mistakes Are the Main Source of Cybersecurity Breaches
Finally (and on a similar note), users will have an easier time protecting network security if they recognize and avoid a few common cybersecurity mistakes.
Common cybersecurity mistakes include:
- Leaving notes with passwords on your desk
- Not using a strong password
- Reusing passwords
- Carelessly handling sensitive data
- Using outdated/unauthorized software
- Disregarding cybersecurity knowledge
- Following suspicious email links and attachments
- Using personal devices for work purposes
- Using public networks without a VPN
- Plugging in insecure devices
- Not backing up data
Ready to Promote Better User Behavior?
Don’t leave the front door open. Security is important – and that means it’s important to dedicate time to strengthening the locks and the people who use them.
That’s why Alavanca Systems teams focus on comprehensive pre- and post-user awareness training to help your employees stay on their toes by observing the highest standards of security in their work areas. As a premier managed IT services company for accountants in the Chicagoland area, we’ve worked with CPA firms just like yours for years.
We leverage our security expertise, tools, and experience to assess your organization’s overall security culture as well as the security awareness and proficiency of your users.
We develop tailored training to address any proficiency gaps and weaknesses while monitoring our user awareness training program’s impact on your users’ security awareness over time.
You don’t have to concede that your users will be the weak link in your network. With IT training and high-quality support, educated users can be major IT assets.
For the absolute best in business IT services for accounting firms – including user cybersecurity training – get in touch with Alavanca Systems today to see how we can help your business and your users secure your networks.
Ciro Cetrangolo is an IT specialist with over 30 years in the IT services industry. Ciro has a deep understanding of the software, workflow, and underlying technology of accounting organizations and helps firms like yours achieve the secure, stable, and streamlined IT environments you need to accomplish your work more effectively.