USERS AND NETWORK SECURITY

Are you worried about a cyber-attack on your data and computer network? River Run’s network security services include vulnerability testing, penetration testing and user training.

Network security in today’s IT world is growing more complex. IT Directors and C-level people are searching for ways to stop threats, improve compliance and grow their business. In conversations with River Run clients, we often state that the only way to stay completely safe in an online IT world is to unplug the network cable. Because this is not an option, IT security discussions turn to a host of network security tools, such as software and hardware solutions that can help protect your network from a security threat. While these are necessary, understanding an organization’s end users must also be a starting point when planning for a secure network.

The truth is, IT administrators can install multiple firewalls and other security tools, yet a user’s actions, malicious or accidental, can render that investment and planning useless with the click of a button.

High Risk Behaviors and Situations

To avoid building solutions that are too big, rigid and costly, the first step toward computer network security is to plan with users in mind. If users have certain behaviors or deal with high-risk situations, solutions need to be tailored to them.

Let us review some basic user behaviors that factor into security. To keep it simple, we group behaviors into a few ‘stereotypical’ users that are often seen in any office.

The “necessary evil” user

Users who see IT as a necessary evil, or even a tool that they are forced to use, are more likely to blame the device or the general computer network for odd behaviors. Users with this attitude will often use the phrase “it should just work” or “it is a simple solution.” While these phrases are legitimate expectations for IT, an over-simplified approach can lead to hurried actions due to frustration with the system. Training is the first and best step to succeed with these users. River Run helps our clients by providing cybersecurity training, along with basic IT understanding. This helps users understand the importance, complexity and security risk involved in day-to-day IT security issues.

The “get it done” user

These users tend to be your visionaries and part of your sales force. They value IT and embrace it. While these users understand the complexity and the dangers of IT, their focus on goals can cause some issues. While training for all users is key, training may be quickly forgotten in the rush of the day. An IT director may want to focus on access restrictions or site filtering for this type of user. River Run will aid our clients with Active Directory policy or web filtering, through a business-class firewall, for this type of user.

The “naïve” user

This user is simply unaware and uninformed when it comes to IT. Although training will help, the complexity of IT may simply overwhelm this person on a day-to-day basis. IT directors may want to add extra solutions to protect security from these users. DNS filtering by Webroot is an example of a solution River Run will bring to the table for these users. It can make it difficult for users to locate specific domains or web sites, and block spam email from known malicious IP addresses.

The “proprietary information” user

These users have access to sensitive, proprietary and intellectual property information that is highly valuable to your clients. Regardless of their attitude towards IT security, they hold the lifeblood of your business in their hands and on their computers. River Run will investigate three major avenues for clients that have users with these responsibilities:

1. The legal protection of IT governance policies must be in the HR handbook. These policies need to be signed and understood by these end users.

2. Proactive measures, like data protection or legal hold, must be considered, and are available with the enterprise versions of Office 365.

3. Reactionary or after-the-fact measures, like turning on access logging on file servers, should be considered.

Regardless of the user types that wander the halls of your organization, these measures have great value. Each of these measures requires a different level of investment. River Run will work with you to understand your users and your business security needs to find the right level of investment that mitigates your risks to a nominal level.

 

