With all the recent media attention on the WannaCry ransomware and NotPetya malware outbreaks, it is easy to forget the vulnerability of our most important asset. We focus all our attention on protecting and securing our IT systems, shielding them in protective layers of security and assurances, yet we explain very little, leaving it up to other uncontrolled and often incomplete resources to fill in the gaps. I am of course referring to our internal users: the administrators, the clerks, data manipulators, doctors and nurses, the people who have and need access to the core data we try to protect. They are, after all, our last line of defence. We need them not to click on that link or reply to that email, because if they do, all our technological wizardry will be undone.
How often, though, do we educate them on what is going on in the big bad world of cyber crime? Do we tell them how to recognise a potential threat, and what to do if they are suspicious of something or even of someone? Do we remind them not to stick that USB device they found in the car park into a PC, and do we tell them what to do with it? Do we educate them about the threats and exploits that affect them, teach them what to look for and how to avoid being “that person” who clicked a link that brought the network down?
Educating your last line of defence is as critical as the defences we place at the perimeter, and I don’t just mean reading a leaflet or watching a PowerPoint presentation. Instructors will tell you that students retain more information from something they interact with than from something they just read or watch. Security events or security training days can be very effective, but they are not always practical for everyone. At the very least, training should include tests, with pass or fail thresholds, on what information has been retained. Results should be analysed and, where appropriate, further training should be provided to ensure you are not the latest victim of a cyber-attack.
It is important for us all to know that our last line of defence is as educated and aware as possible. Let’s not rely on the news and media to protect our backs.