We all knew Microsoft is on a mission of world domination – but judging from this dodgy email I got the other day; I did not know that it included sanitaryware and home décor!

Jokes aside, how can IT professionals keep on top of the ever-evolving threat landscape, with various white and black hats competing for the ultimate prize, let alone the end-user?   

Start with a Robust Cybersecurity Strategy   

Yes, we are heading to machine domination; we might as well be amid one already – see our take on why you should be buying shares in tinfoil hat companies here. While this situation can provide a headache and comedic relief in one blow, protecting the end-user is becoming a real challenge.

So I thought of a suitable analogy for the end-user and reader writing this blog. The best I could come up with is that end-user protection against cybersecurity is like raising offspring, guiding, and being vigilant all the way. As development takes place, mistakes get made, achievements get celebrated, and all you can do is hope for the best. You hope that your values and beliefs have taken hold, good habits established, as at some point you will not be there should a dicey situation present itself.  At this point, the values, beliefs, good habits are the ammunition you have instilled and fought tirelessly for years, are seen as empowering the end-user who could hold the fate of your organization in their hands – or at least a portion it.  

So while that simmers, let’s look at what we are talking about:  

1. Frequent reminders to brush teeth and tie up your shoelaces are like, in cyber terms, system updates and patch management. No one wants a root canal treatment.   
2. Your systems need regular screening in search of malware etc., the same way we need regular visits to a health professional for our health check-ups.  
3. When out with friends, you might find yourself keeping in touch with your parents. Regular interactions with the endpoint management are crucial to ensuring all is in order and you can still access information resources.  
4. Attend regular classes, write tests, compete with peers, or be part of cyber-based awareness, training, and ongoing evaluation.  
5. When you want to access some entertainment venues to blow off some steam, some form of identification would typically be required of you by security at the entrance. It would be an inquiry into who you are, what you know or have, and what you can access in cyber terms.  

Supporting peers is also key to developing excellent social skills and fostering teamwork. In the cyber world, ensure that everyone is on the same page working together, highlighting inconsistencies early. The above are vital components to ensure that end users have the right tools in the arsenal to reduce the impact of a cyber-based attack actively. COVID-19 is many things, but most importantly forced many entities to rethink their cybersecurity strategy.

A good cybersecurity strategy should include the end-users of your company. End-users can be a great asset or a huge liability. According to Tripwire, 78% of users put data at risk within organizations. They are bound to make mistakes in cyberspace but empowering them to learn from said mistakes matters. While no single article can be a silver bullet towards a holistic cyber security strategy, the following can be a starting point to achieving this.  

8 Ways an End-User Can Prevent Cyber Attacks:  

1. Ethical Behaviour: Users should be honest and report any illegal or unethical behaviour they notice.
2. Law Enforcement: Users should always work within the applicable local and international laws.
3. Protection of Passwords: Users should keep their passwords safe. They should not share or write down credentials to colleagues or strangers.
4. Physical Security: Security mechanisms should physically protect laptops and ensure that sensitive physical information is kept secure in file cabinets.
5. Information Storage: Safeguarding information based on the appropriate classification label and company compliance policy, including compliance to resilience and encryption.
6. Information Transport: Safeguarding information while in motion, ensuring that the chain of custody is maintained end-to-end.
7. Disposal of Information: Defining and adhering to the policy on information destruction. Ensure that the removal of information is aligned with the classification label to reduce residual threats to your entity.
8. Incident Detection: Provide users with various means to submit and escalate incidents, including a whistleblowing policy.

Recent malware attacks have targeted various companies, large and small, from healthcare to manufacturing and everything in between. Entities that do not adopt a holistic and proactive approach to cybersecurity that includes the end-user could easily find their precious data in the hands of your competitor or worse! 

Identify critical assets in your company and work outwards, using a plan to document access requirements and resources needed. These could be devices, data sources, applications, and end-users. You can also read our resource here on Zero-Trust — to give you the necessary nudge to take the first step. 

Conclusion  

Know your users and empower them to expand your business’s security layers.  A better and more secure organization will always rely on its users as an asset of the People, Process, and Technology.  Please get in touch here if you need more tailored information or an overall cybersecurity solution for your workplace and empower your end-user.