In light of new encrypting ransomware like CryptoWall 4.0 which was just discovered last week, how can you improve end user security practices and prevent clients from becoming victims of these malicious schemes? You can force videos upon people and make them score a 100% on an online quiz before they have "passed" their security training, but does that really work? If you ask Engin Kirda, chief architect at Lastline and professor of computer science at Northeastern University in Boston, he'll tell you that it's not. In a recent article on eWeek, Kirda said that the only time that people seem to take cybersecurity seriously is after they have become the victim of an attack. Okay, that's good to know, but you certainly don't want all of your clients to get hit with malware in order for them to realize the seriousness of the threat. So what else can you do?
We reached out to users on Reddit and Mangolassi, an IT community that we recently joined, to see how MSPs and IT service providers conduct user education in a way that actually works. Beyond literature and best practices emails, which you can't guarantee people will read, we asked these professionals to explain how they implement a more "realistic and effective" security training program. Their answers were fascinating and worth experimenting with at your own business!
As you can see, companies are actually starting to bait (no pun intended) their employees with "mock phishing" attacks on their emails or even with actual physical drives to prepare them for the real thing. As crazy as it sounds, this is becoming a more common practice for larger companies looking to improve their employee security training.
While this trend is more common in larger companies, and perhaps not as apparent in the SMBs that many MSPs serve, look to these examples and take advantage of the opportunity to start your own initiative. Consider coming up with similar client security training programs that you can carry out in the new year. If you don't have the time or resources to do this, there are third-party security companies out there that may be able to help you.
As CryptoWall 4.0 has reminded all of us, your clients should trust you to back up their sensitive data, should it ever be lost or compromised. Still, providing users with training similar to the ideas presented here could go a long way towards avoiding these user error-generated issues all together.
Help keep your clients' stored data safe!
Also suggested for you:
By Lily Teplow
By Brian Downey
By Dave LeClair