We're Hiring!
Take the next step in your career and work on diverse technology projects with cross-functional teams.
LEARN MORE
Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
2
17
2017
1.24.2023

To Maintain IT Security, You Might Need to Annoy Your Users

Last updated:
9.16.2020
1.24.2023
No items found.

We've posted quite a bit about best user practices to maintain the integrity of your IT infrastructure, especially strong password hygiene, the use of antivirus/antimalware, and the importance of backups in the case something goes awry. With user negligence causing up to 68% of breaches, according to a Ponemon Research study, these practices are essential. But how can you make sure your employees adhere to them?

A recent article covering the Clinton presidential campaign staff methods to encourage information security reveals one major secret to IT security: being kind of annoying.
 

Keeping I.T. Safety Top of Mind

nagging your users can lead to stronger cybersecurity

In the words of Harry Potter's Mad Eye Moody, constant vigilance is one of the best methods to avoid cyberattack, whether you're facing DDoS, phishing attacks, viruses, or the current scourge of IT departments across the globe, ransomware.

In other words, train your staff and remind them regularly about cyber dangers like clicking on unsolicited links, providing login details via e-mail, or re-using the same password across a variety of services. This isn't really new advice, but the Clinton campaign took things to new levels.

They would send regular fake phishing e-mails to staff members to see how they would respond. After a round of these tests, they would report back to the staff during regular meetings to let them know what they clicked on that they shouldn't or which addresses they replied to that could have been from outside the campaign. In addition to these tests, they would even plaster the bathrooms and public areas with signs, reminding users not to share their passwords, or slogans like, "Don't click on that link, stop and think." Staff meeting agendas included infosec updates from the IT director, making him an essential piece of the overall campaign strategy and success, rather than a typically overlooked role that is only consulted when technology isn't working properly.

"But wait," you may object. "The Clinton campaign got hacked, didn't they?"

It was actually the Democratic National Committee's servers that were hacked, with e-mail subsequently published by Wikileaks. With extremely sensitive e-mail ranging from secret campaign strategy to potential national security issues, the Clinton campaign had good reason to keep IT security top of mind for its staffers.

BE ANNOYING

Users may not be happy with constant reminders about their lax security, so you might need to include the risks at hand when describing the importance of IT safety. Insider threats remain a top cause of data loss or other breaches, particularly ransomware, which can cost tens of thousands of dollars in ransom if you do not have a recent backup and can't afford to lose your latest data.

Here are some mild annoyances to continue reminding your users about:

Nobody likes a nag, it's true. And everybody groans when the reminder to change an expired password pops up, or becomes frustrated when they fail to meet password requirements for their first three attempts to set a new one, only to find their fourth attempt is actually their last password. But with clear and regular communication from your IT staff, employees will soon take cyber hygiene as second nature.

Recent Blog Posts

lunavi logo alternate white and yellow
1.24.2023
11
.
18
.
2022
Business Intelligence: The Present and Future with Director of Data Analytics, Jeff Thomas

Join us as we dive into the world of data analytics with our very own, Jeff Thomas. With 18 years of experience in this field, Jeff shared valuable knowledge and insight on the current trends of data analytics and where he believes the field is headed. We also discussed the challenges and barriers that enterprises face when implementing data analytics practices, Jeff explains how to rise above these challenges and use data to your competitive advantage.

Learn more
lunavi logo alternate white and yellow
1.24.2023
02
.
15
.
2022
Service Changes Coming to Microsoft 365 & Office 365

The NCE offers new subscription terms including 12-month and 36-month plans priced lower than monthly contracts. In addition, it is easier to add seats, cancellation policies are more consistent, and there are two promotional options to lock in a better rate for your current renewal. However, the mandatory new plans do include price adjustments.

Learn more
lunavi logo alternate white and yellow
1.24.2023
01
.
21
.
2022
Automate Your Cloud with Azure Bicep

Azure Bicep is a great way to implement Infrastructure as a Code to automate the provisioning of Azure resources. In this post, I’ll get you started by describing how Bicep language works as well as key differences and similarities between Bicep and ARM Templates.

Learn more