You Think You Are Safe Behind Your Cyber Defense Walls, But Have You Considered End-Users As A Threat?
by QA Engineer on March 30, 2015
So here we are: your software is protected, all network breaches are covered, and every database is guarded by trained and skilled killer bears from Russia on top of the cyber-security measures you have implemented, and yet you still have trouble. How so? Because your software has end users. Whether you are an enormous corporation whose software is used only by your employees or a game startup with a target audience of men aged 15-36 all over the world, your users may be your weakness.
Why are my users my weakness?
Technically they are not, nor should you ever treat them as a weakness. However, despite all of your protective measures, they are still people and not tech. That means they may fall victim to theft (of any gadget with your software on it where they are already logged in), social engineering, phishing tactics and malware; there is always malware to consider.
What can be done as preventive measures?
In this case training is the only visible reasonable solution. The very idea of dangers lurking out there to grab a bite from your software should be delivered to your end users. While this is relatively easier to do in a corporate environment as employee training, no other software provider should neglect the power of users who are aware of what hides out there in the dark.
Surely you understand that any piece of malicious software will, in most cases, be an app one has to install, so if any link your users click requires something to be installed, warn them. Prevent it from happening by all means. The fact that such things should not be installed may be obvious to you, but can you truly say your mind works in exactly the same manner as the minds of all your users?
A chain is only as strong as its weakest link, and you are probably quite aware of that as, after all, you have managed to survive in the world of business. What steps should you take to make sure you are safer from evildoers?
- As mentioned above, try training. It doesn’t have to be a boring old meeting where one guy nobody knows talks about mythical evil people. Be a bit more creative than that. If your users are out of physical reach, nobody has forbidden creativity yet. Try implementing a game where every mysterious or phishing event reported by a user is rewarded with something. The same may work well in employee training, by the way. Everybody loves rewards.
- Make sure you have a well-designed and carefully planned security strategy of your own to back up everything you have said in training. People follow leaders out of respect, and respect is earned by sticking to your position no matter what.
- Make sure everybody’s aware who ‘they gonna call’ if something actually happens. And be sure you will know how to react and that you will do so fast. This process must not be complex, or the odds are people will get tired of filling in various forms and you will never receive the feedback you have required in time.
Now, after considering everything written above, I will rest assured that at least somebody is a little bit safer, which is a great reward for me. Thank you for your attention. Max out!