Security Awareness - The Importance of User Education

Many organizations implement IT security using the approach of "making it as transparent to users as possible". While tools can provide some levels of protection, this approach increases the risk to businesses. This is because users need to both protect information and be aware of the dangers that are out there.

For example, users must safeguard their laptops and use the best practices if they send sensitive information in email, (e.g., encryption). Also, malware attacks are becoming so realistic, they can fool even seasoned IT professionals (e.g., as it's easy to copy genuine HTML graphics from legitimate websites to develop counterfeit phishing attacks or websites).

Companies can improve their security by teaching their business and IT professionals the best practices in security. I personally saw some of the fruits of this on May 5, 2000 when our company came through the "Love Bug" attacks (e.g., the $10 billion in damages world wide is still the most significant of all time) with only a handful of infections and no server downtime at all.

Thankfully, security software has greatly improved to quickly stop major attacks like the Love Bug attacks. Microsoft's TWC initiatives have improved their software. Many other software providers have also improved security in their product offerings.

I also see most business professionals are using the best practices at work, especially if the company has strong IT security policies. Still, any company that employs security awareness training will enjoy even greater levels of information protection and decreased malware infections.


AVERT Labs - The Importance of User Education
http://www.avertlabs.com/research/blog/index.php/2007/10/02/user-education/

QUOTE: What is antivirus protection worth when users try all the tricks they know to see the Loveletter.jpg.vbs picture; why do they double-click on executable files? No matter whether it’s Kournikova, Labor Day greetings cards, or just an “undeliverable message” with “details” attached, many users don’t care. Home users risk their privacy and may lose the ownership of their machines, but they can’t resist the temptation.

Corporate users are sometimes even less careful, as it’s not their machine and if it’s broken, it’s not their problem. The IT department will fix it. “If the company sends the mails to my machine, they know what they are doing. Why shouldn’t I click on those mails?” I heard that once from a corporate user–it scared me, because it was that user who was causing an internal outbreak.

While that user enjoyed the weekend, the IT guys tried to regain control of their network. About 15 employees of that company were working the whole weekend, plus external consultants. That was one of the most expensive double-clicks that company ever had

Harry Waldron - Security News & Best Practices Blog

Nice post...

Regards

techanu

Nice post...

Regards

techanu

Mobile application management take care of the certain functions that include security polices, analytic reports, device control functions like delete, lock, wipe/erase and real-time record etc. Some organizations have created the customized enterprise mobile application store for the employees.  All these functions resolve the problems of the IT people as well as the mangers. They can update and install the applications easily. This helps the organization to eliminate the cost and updates the apps remotely. There are many companies are offering the mobile application management platform.
Therefore, there is a need for an innovative and secure mobile device management solution in the market with its direct focus on next generation mobile device management. This Next generation focused device management apart from having basic functions should be able to  equip mobile apps by making them business-ready, securing the mobile content, while simultaneously catering to the enterprise IT needs and the user experience.

Enterprise Mobility Solution helps to secure the sensitive corporate data. The solution when deployed in the enterprise is planned and secure which is only accessed by the authorized persons such as clients, partners, employees and vendors. Majority of the organizations are implementing the Mobile Device Management for Blackberry and Android.  While deploying this solution they should enforce the security policies like password, authentication access etc to keep the corporate data secure. The password kept for the mobile devices should have the special characters so that unauthorized user cannot access it easily. The IT teams implement the special security policies on the phones so that employees don’t use the unauthorized websites. They put special security policies which helps them to take the backup or wipe the data when device is lost or stolen.
 
mobile data security management

Hi, JonesyBrown.  If you are a vendor and would like to promote your solution to the myITforum community, please contact me offline.  We offer promotion services for our sponsors here on the site.