The good folks at TechTarget operate multiple IT-related websites. One of these is the IT Knowledge Exchange, “a TechTarget Expert Community” that features questions and answers, discussions, and blogs posted by IT folks of various roles and levels of expertise.
A recently posted discussion question asks this: “What systems and policies have you put in place to make business employees more IT proficient and self-sufficient?” I believe that cybersecurity training and outreach from IT can contribute greatly to making users “more IT proficient and self-sufficient,” and provide additional benefits to users, IT, and the business.
Most ransomware and other malware enters most enterprises via legitimate-looking but bogus phishing emails and website links. According to the Verizon 2016 Data Breach Investigations Report, more than 20 percent of phishing emails get opened. The report adds that more than 12 percent of those who open those emails click on the links to malware in the messages.
IT can and should provide training, content, and repeated contacts to help users to understand this and be more diligent in looking for, spotting, reporting, and not opening bogus emails. Doing so can help to transform those users from weakest links to first lines of enterprise cybersecurity defense.
Transforming the perception of IT
Such outreach can also help to transform the perception of IT by users and line-of-business leaders. These constituents often view IT as “the bad guys” who impose rules and tools that frustrate and annoy. Helping to make users more secure and more security-savvy can get more of them to see IT as enablers and accelerators of user productivity and business agility. Which can only be good for IT and the rest of the business.
If you’re in IT and already providing cybersecurity training and outreach, keep up the good work. Remember that cybersecurity is a marathon and not a sprint, and that repetition enhances retention and understanding. In other words, that one-time run-through of cybersecurity basics during employee onboarding and orientation is a beginning, not an end.
If you’re not already conducting coordinated, repeated cybersecurity training and outreach, start now. Share some of the resources in the LANDESK ransomware blog post archive with your users. Not all at once, of course. Maybe something new once a week or once a month, accompanied by any news you want to share about new cybersecurity-related applications, patches, processes, or tips. Maybe even content or inspiration you find at TechTarget’s IT Knowledge Exchange or other online discussion areas.
Of course, your training and outreach efforts can be made even more effective if you’re delivering the best possible cybersecurity protections behind the scenes. And of course, we can help you there as well. Check out our solutions online, or contact your LANDESK, AppSense, or Shavlik representative.