Organizations defend their networks on each of the six levels in the green graph you see. End-user Internet Security Awareness Training resides in the outer layer: ‘Policies, Procedures, and Awareness’. As you see, this is the outer shell and in reality it is where security starts. You don’t open the door for the bad guy to come freely into your building, right? Let’s have a quick and admittedly highly simplified look at the rest of the layers of defense-in-depth.
End-user security awareness training is an important piece of your security puzzle because many attack types go after the end user (called social engineering) to succeed.
Once an organization has published policies, has implemented security procedures, and has trained all employees, the first step of defense-in-depth has been established.
The second step is defending the perimeter. In the case of IT that usually means a firewall, and related tools to block intrusions. With BYOD, your perimeter is obviously expanded to each employee individually.
Part three is protection of the internal network. There are various software tools that scan the network for attackers, traffic that should not be there, and many other ways to detect attacks. These are the Intrusion Detection, Intrusion Prevention and Breach Detection kind of products.
Next, protecting each individual computer in the network (called ‘hosts’) is also crucial. Here is where endpoint security tools like antivirus, firewalls and software whitelisting live, which attempt to block attacks on the individual computer level.
Then, there are many ways to protect the individual applications that are running on computers in the organization, and last but not least, the data also needs to be protected, and yet again, there are many, many ways to do that, for example encryption.
However, end-user security awareness can affect every aspect of an organization’s security profile, as it truly is where security starts! That is why it is so important that small and medium enterprises (including non-profits) step all end-users through effective Security Awareness Training, and enforce compliance.
Find out now how affordable this is for your organization.