The “People” Aspects of Security In addition to technology solutions, most Trusted Advisors are likely to recommend that companies require their employees to attend IT security related educational programs. A number of companies are already requiring such participation on an annual basis, frequently in the form of a third party-de- signed webinar that focuses on human behaviors such as identifying the characteristics of a likely phishing attack. The extent to which these initiatives are effective can be somewhat debatable, but most experts agree that if they prevent at least one person from plugging-in a USB drive found in the parking lot, then at least some value has been delivered. “User education is critical to preventing phishing attacks, but you have to assume that you’re not going to get 100 percent effectiveness across your entire user base,” said Stratacore’s Pallat. “The phishers are getting more and more sophisticated, so even a well-educated user can fall victim to a well-crafted spearphishing campaign. So, it’s just as important to put some additional email security in place to either sandbox URLs or provide that extra layer on top of what’s already available.” While security technologies can go a long way towards protecting your company, a comprehensive education campaign for employees is almost always the necessary next step. There is one other important “people” aspect of IT security worthy of consideration. While security professionals play a crucial role in protecting the company and its data assets, they are often viewed by their colleagues in a less-than-favorable light. “There’s a battle between the security and the operations people because security tends to make things more difficult, and Operations’ goal is to get things done,” said Ben Thornton, CTO of Opex Technologies, a Trusted Advisor that specializes in security and other Information Technologies. “The security guys are seen as the “no” guys. So, we try to find out what their concerns are, change that im- pression and accomplish security goals in less obtrusive ways. This helps to build credibility and good will with other groups within the company. This way, when you do have to say no about something, they don’t just try to work around you. They need to see that you have solid reasons. Don’t be the “no” person or the “yes” person. Be the “solutions” person.” Copyright © 2020 AVANT Communications, Inc. 2514 Copyright © 2020 AVANT Communications, Inc. 304 Copyright © 2020 ACopyright © 2020 AVVANT CommunicANT Communicaations, Inc.tions, Inc. 7 Copyright © 2020 AVANT Communications, Inc.
Managed Security Trends and Insights Page 30 Page 32