Improve Employee Cyber Hygiene

We’ve written about best practices for cyber hygiene previously. As we noted then, it’s not just IT who needs to practice good cyber hygiene habits, it’s a responsibility that falls on everyone at the company. Today, let’s dig into how you can help improve employee’s data security practices.

The overwhelming majority of employees worry about data security and are well meaning in their desire to stay secure, they simply don’t know when they’re being unsafe and they’re focus is on getting their work done.

Dell looked at this topic in a 2017 study. They found, “a lack of understanding in the workplace regarding how confidential data should be shared and data security policies. This lack of clarity and confusion is not without merit; there are many circumstances under which it makes sense to share confidential information in order to push business initiatives forward.”

According to the study, 72% employees say they would share sensitive, confidential or regulated company information under certain circumstances for a wide range of reasons including:
- Being directed to do so by management (43%)
- Sharing with a person authorized to receive it (37%)
- Determining that the risk to their company is very low and the potential benefit of sharing information is high (23%)
- Feeling it will help them do their job more effectively (22%)
- Feeling it will help the recipient do their job more effectively (13%)

When looking at the data by industry, the percent of employees who would share confidential information is alarming:
- 81% of employees in financial services
- 75% of employees in education
- 68% of employees in healthcare
- 68% of employees in federal government

According to Brett Hansen, vice president of Endpoint Data Security and Management at Dell, “When security becomes a case-by-case judgement call being made by the individual employee, there is no consistency or efficacy. These findings suggest employees need to be better educated about data security best practices, and companies must put procedures in place that focus first and foremost on securing data while maintaining productivity.”

The goal for IT is to find ways to keep employees safe that doesn’t impact their ability to do their jobs effectively. Ongoing security education should be mandatory for every employee. If you don’t have a program in place, that is step one. The cadence of when security update meetings are held is up to you...monthly, quarterly, annually. The meetings should be short and interactive. If you want them to remember what to do after they leave the meeting, keep the adage “give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime”, in mind. By involving everyone one in the training, they are more likely to remember and practice it.

Unfortunately, as the Dell study points out, good cyber hygiene goes beyond best practices training and requires you to implement and manage security controls directly. With new cloud-native endpoint security solutions, like Automox, implementing and enforcing these controls is simple, non-disruptive, and effective at decreasing your attack surface.

Automox uses a lightweight agent deployed to every endpoint in your infrastructure, regardless of OS or location. Once deployed, you have visibility of your entire infrastructure in a single dashboard. You can see the patch status of each device and server, you also see the software and hardware present on each endpoint.

From your dashboard, you can access Automox’s policy engine to create specific policies for patching, software deployment or software blacklisting, and configuration controls. You can also quickly and easily set up groups based on your needs, be it geographic, departmental, or access requirements.

Applying policies to groups is as simple as a single click. You can lock down USB ports, enforce password requirements, apply patches as soon as they are available (or shortly thereafter when testing is required), and all of this can be configured so each policy and each group has its own specific requirements.

As a cloud native solution, Automox is ‘self healing’. Every time a policy runs, it enforces your controls. For example, if someone downloads blacklisted software, it will be removed. Or if someone deleted a printer driver, it will be reinstalled.

Automox simplifies your ability to apply and enforce security controls, so you can spend your time focused on other security priorities. Your employees are safer and their cyber hygiene is improved without impacting their ability to get their work done.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.