In the world of cyber security, the biggest, most difficult to manage risk is that of the end user. This isn’t meant to be a personal dig against anyone in any way, but ultimately, we are the weakest point of our company infrastructure. This is simply due to the fact that we are human, and, despite our best efforts, we can fall victim to phishing, scams, and just honestly make mistakes sometimes. When configured correctly, we can trust our Intrusion Detection Systems, Firewalls, Anti-Virus, and other security solutions to keep the bad things out of our systems. Unfortunately, improving end user security isn’t as simple as a few lines of code, or adjusting a handful of toggle switches. All is not a lost cause though! Below are a handful of solutions we can practice in order to increase our overall security and awareness.

Password Security
One of the easiest ways to increase security at the end user level is to have robust password policies in place. Using complicated passwords sounds daunting at first, but in practice it just means using a combination of upper- and lower-case letters, numbers, and special characters. It doesn’t mean trying to remember a randomly generated 32-character string of gibberish. Rather, I often suggest that users use pass phrases, as they are often much easier to remember. For instance, let’s use “A good password” as an example. “agoodpassword” is a terrible password, but “AgO0dP@ssw0rd!” is exponentially stronger and hard to guess/crack. Additionally, we want to avoid using the same password for everything, try to keep our passwords updated and rotating roughly every 90 days (this is the accepted industry standard), and avoid using commonly guessed personal items (family names, pet names, birthdates, etc.).

Now, all of this can quickly become a lot to keep track of, especially as more of our personal and professional lives move online – which is what eventually leads to the bane of any IT security professional’s existence: the sticky note! We are all guilty of this at one point or another, but a note on a monitor, or under a keyboard or mousepad, is the quickest way to undermine even the world’s most robust password security policy. To use an often-cited analogy: there’s not much point in locking up the house if we are just going to leave the key on the porch. In order to combat the complexities of managing multiple complex passwords, I would suggest the use of a trusted password manager. There are a number of options out there, so one should experiment and find the one that suits their needs the best.

Lock Your System
Another simple step we can all take that can increase our overall security is to lock our computer systems when we leave them unattended. This can be accomplished via the start menu in Windows (or by simply hitting the Windows key + L simultaneously). Locking our screen prevents anyone from using our system while we are gone, as it requires us to enter our password in order to re-access our desktop. Again, to call back to the house analogy, this would be the equivalent of locking our door when we leave. Locking our screens when we are away from our system will both help prevent the unintended sharing or loss of client/company information, and prevent anyone from accessing our accounts/services without our knowledge. Please note though, this practice does nothing if our system password is hanging off our monitor on a sticky note!

Regular Training
Finally, one of the best ways to increase end user security is through regular security and awareness training. Just like we need to patch our systems and software in order for them to stay current, we need to keep our personal knowledge of threats and solutions up to date as well. This month we are offering a FREE Lunch & Learn opportunity for your business. We'll provide the knowledge you need for business success as well as a lunch for you and your team. Call us at (845) 231-2117 before 31 October, 2018 and see if you qualify for this offer. If you do, we will meet you and your team at your place of business with pizza, napkins and lots of good information. Call us now to schedule a date and time!

If you have any security concerns or questions, please feel free to call Ed Shanker at Meeting Tree Computer at (845) 237-2117.