Many people think of cyber security as a specialized skill set handled by that one smart guy you hire, but as the world progresses, we find that you can’t rely on someone else to be the sole gatekeeper for your entire computer system. As cyber-security experts have gotten better and better at making secure systems, criminals have gotten equally better at targeting the weakest link in these systems. And in today’s world, that link is typically the end-user.
The Risk of Not Knowing Cybersecurity Best Practices
When you check your email, it is up to you to decide if an email is fraudulent before clicking on any links. When you are on the web and you are asked to enter a credit card or other personal information, it is up to you to know if the website you are connected to is both secure and legitimate. When you download an app, you have to decide if the permissions that app is requesting are actually things the app needs, or if there is an underlying trojan trying to get the privileges it needs to bypass the security features built into your device. When you get a phone call warning you of a problem, you need to decide if the person you are talking to is actually your service provider or someone trying to get you to divulge sensitive user account info.
Not knowing how to make these choices can be disastrous. One bad click is all it takes to get your entire network encrypted by ransomware or to install spyware that steals all your passwords.
Making IT Services and Personal Responsibility Work Together
This is where your IT consulting firm comes in. If you have not received a Cybersecurity Policy from them, request one. For most organizations, this should include:
- Criteria for evaluating if an email, website, link, or application should be trusted.
- Restrictions on what websites and services you may access from your work machine.
- Restrictions on what information can be saved and transmitted under various circumstances.
- Protocols for defining what information is confidential, and how to handle its storage and transmission.
- Instructions for identifying security red flags.
- A policy for ensuring that employees are regularly trained on emerging security threats.