10
Don’t Forget The Users - How To
It’s tempting to think that technological defences and monitoring solutions can be installed to prevent security incidents from occurring, but in reality we all know that no matter how much money is thrown at improving security within organisations, without educating employees in good security practices, that money is all but wasted.
Given basic training in security awareness, most employees will reward you with years of vigilance and timely responses to security
events. At Allen & Overy LLP we ensure that all new employees globally are schooled in basic security awareness by attending a comprehensive presentation that is
relevant to our industry and uses up-to- date examples of poor business security to illustrate the talk. There are no shortages of examples of poor business security! We aim to make the presentations as interactive as possible with real examples of social engineering and phishing attempts. Attendees complete a quick online questionnaire following the presentation to assist us in continually improving the content. One of the areas that we explore in the security induction is ‘Mistake’ and the need for users to own up to minor incidents before they turn into major ones. I.T. users are particularly vulnerable to mistakes owing to their intrinsic need for experimentation and their need to try out new things. Many ordinary users fear straying outside the boundaries of a rigid set of instructions for using a particular program, but for I.T. staff their inquisitive nature will often lead them towards exploring
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43