Education – The unspoken aspect of layered security

I have used the concept of layered security when discussing with resellers/ MSPs how to use various solutions or services to adequately protect their customers. Education is key.

The thing that I don’t usually mention that is equally as important as any layered-security service you implement for your clients is an effective end-user education program.

All too often the reason the Ransomware/ Malware/ Breach occurs is due to an unintentional action by someone within that organization, and the reason for that is that these users are not capable of identifying a potential threat and act accordingly. Instead they do the thing that the engineers of that attack want them to do.

So why would it be beneficial for you to offer this education to your customer?

1. Reduced number of callouts – Educating users on potential dangers will go a long way to reducing the number of tickets and support requests your techs will receive, allowing them to focus their time elsewhere.
2. Help them understand what you do – The average user doesn’t really understand cyber-security. There are limitations to what you can provide and it is important that they know what it is you do for the business and where they can play their part to manage the security of the site.
3. Reputation – Your client’s customers will not care about how the network was breached or infected. Instead they will see it as the business not taking the correct measures to safe-guard their systems or their sensitive information. This will inevitably affect their reputation, and as their security provider, yours as well.
4. Additional Revenue –Offering education services is a great way to build an extra revenue stream for your business, expand your reputation as a security provider and demonstrate the value that you offer.
5. The bigger picture – Although we don’t often view it as such, security providers are fighting a constant battle on a much larger arena. The harder you make it for the ‘Bad Guys’ to ransom or steal information the less money they make. Empowering end-users and having them play their part, not just at work but in their private lives as well, can make a difference. Every little bit helps.

Soft Solutions already has a number of resellers around the country that run end user training programs or cyber-security training services. These have proven to be effective in reducing the number of call-outs and support requests they have had to deal with for avoidable problems.

There are plenty of resources available online that cover the various topics of Cyber-Security education and what it is that users need to be aware of, ranging from Government to private institute recommendations and full-fledged courses run by organisations such as Coursera, with more than enough information to get you started.

Credit: 2014 Scott Adams, inc (Dilbert.com)