Securing the Human Firewall
Security techniques and technology — physical security, user account security, server security, and locking down your servers — are child’s play compared with the most difficult job of network security: securing your network’s users. All the best-laid security plans are for naught if your users write down their passwords on sticky notes and post them on their computers and click every link that shows up in their email.
The key to securing your network users is to empower your users to realize that they’re an important part of your company’s cybersecurity plan, and then show them what they can do to become an effective human firewall.
This necessarily involves training, and of course IT training is usually the most dreaded type of training there is. So, do your best to make the training fun and engaging rather than dull and boring.
If training isn’t your thing, search the web. You’ll find plenty of inexpensive options for online cybersecurity training, ranging from simple and short videos to full-length online courses.
You’ll also need to establish a written cybersecurity policy and stick to it. Have a meeting with everyone to go over the security policy to make sure that everyone understands the rules. Also, make sure to have consequences when violations occur.
Here are some suggestions for some basic security rules you can incorporate into your security policy:
- Never write down your password or give it to someone else.
- Accounts should not be shared. Never use someone else’s account to access a resource that you can’t access under your own account. If you need access to some network resource that isn’t available to you, you should formally request access under your own account.
- Likewise, never give your account information to a co-worker so that he or she can access a needed resource. Your co-worker should instead formally request access under his or her own account.
- Don’t install any software or hardware on your computer — especially wireless access devices or modems — without first obtaining permission.
- Don’t enable file and printer sharing on workstations without first getting permission.
- Never attempt to disable or bypass the network’s security features.