
End-user security requires a shift in corporate culture

It's important for everyone in a company to take security seriously, including end users. A big part of that is training.

SAN FRANCISCO -- An internal culture change can help organizations put end-user security on the front burner.

If an organization only addresses security once a problem arises, it's already too late. But it's common for companies, especially startups, to overlook security because it can get in the way of productivity. That's why it's important for IT departments to create a company culture where employees and decision-makers take security seriously when it comes to end-user data and devices.

"Security was definitely an afterthought," said Keane Grivich, IT infrastructure manager at Shorenstein Realty Services in San Francisco, at last week's BoxWorks conference. "Then we saw some of the high-profile [breaches] and our senior management fully got on board with making sure that our names didn't appear in the newspaper."

How to create a security-centric culture

Improving end-user security starts with extensive training on topics such as what data is safe to share and what a malicious website looks like. That forces users to take responsibility for their actions and understand the risks of certain behaviors.

Plus, if security is a priority, the IT security team will feel like a part of the company, not just an inconvenience standing in users' way.

"Companies get the security teams they deserve," said Cory Scott, chief information security officer at LinkedIn. "Are you the security troll in the back room or are you actually part of the business decisions and respected as a business-aligned person?"


When IT security professionals feel that the company values them, they are more likely to stick around as well. With the shortage of qualified security pros, retaining talent is key.

Keeping users involved in the security process helps, too. Instead of locking down a user's PC when a user accesses a suspicious file, for example, IT can send him a message checking if he performed a certain action. If the user says he accessed the file, then IT knows someone is not impersonating the user. If he did not, then IT knows there is an intruder and it must act.

To keep end-user security top of mind, it's important to make things such as changing passwords easy for users. IT can make security easier for developers as well by setting up security frameworks that they can apply to applications they're building.

It's also advisable to take a blameless approach when possible.

"Finger-pointing is a complete impediment to learning," said Brian Roddy, an engineering executive who oversees the cloud security business at Cisco, in a session. "The faster we can be learning, the better we can respond and the more competitive we can be."


Don't make it easy for attackers

Once the end-user security culture is in place, IT should take steps to shore up the simple things.

Unpatched software is one of the easiest ways for attackers to enter a company's network, said Colin Black, COO at CrowdStrike, a cybersecurity technology company based in Sunnyvale, Calif.

IT can also make it harder for hackers by adding extra security layers such as two-factor authentication.
