People are often referred to as the weakest link in an information security program. Through either intentional or accidental misuse of access, people often leave networks and organizations exposed.
“All it takes is just one weak link in the chain for an attacker to gain a foothold into your network.”
All too often, security programs tend to focus on technical controls rather than the human element. In addition to managerial, technical, and operational security controls, we also need human controls to account for what NIST describes as the ‘People Factor’, so that we can help create an environment that constantly reminds people of the ‘right thing’ to do.
“Your organization can be bristling with firewalls and IDS, but if a naïve user ushers an attacker in through the back door you have wasted your money.”
Although the weakness that people present can never be totally eliminated, a well-planned security awareness program can help to reduce the risk to an acceptable level. It is critical that users understand their role in protecting information and information assets. [SANS Institute 2002]
That’s where we come in, helping security leaders in organizations across the world to build and develop customized security awareness programs, along with dynamic content specifically targeted to your users.
We recognize that ‘One Size Doesn’t Always Fit All’ and that messages and content delivery that work for some users will be less effective with others.
You can bombard users with content and reasons why they need to follow security policy, but at the end of the day it all comes down to messaging – and having that message resonate with those receiving it, so that it sticks and gets put into day-to-day practice, no matter how busy or how distracted that user may be!