How to keep employees happy and safe, and marry security with user experience
Tuesday, October 17, 2023
Zero trust has become the go-to cyber security policy in the modern enterprise, moving from a buzzword to one of the foundational principles of digital transformation – a meteoric rise in just a few short years. And for good reason, given the scale of threats that emanate from inside the business – with user error among the weakest links.
How to guarantee a streamlined employee UX
There’s no good in implementing technical controls, says Dr Ilia Kolochenko, a cyber security and cyber law expert and CEO of ImmuniWeb, without adequate training. “Technical controls will bring more harm than good if implemented without proper education of end users.
“Users deserve friendly training that would convincingly explain why all these security controls – that most users may reasonably perceive rather as a hindrance – are really needed to protect their company, their colleagues, and even themselves.”
He says once they accept that such controls are needed, even more training is needed to convey how to use them efficiently. Some businesses, he warns, may be tempted to impose technocratic training – but it really pays to offer some kind of reward for engagement, such as company-wide recognition in some way.
“Security awareness is a continuous process, not an ad-hoc exercise,” he continues.” Therefore, companies really need to regularly conduct training and drills, and even organize year-long competitions, for instance, the person who spots the highest number of phishing emails will get a valuable prize, while other top 10 reporters will get some financial bonuses.
The best approach is to understand the needs of end users, he concludes, and to make sure all their requirements to use digital equipment are met. “And then,” he adds, “implement full automation for everything, while making sure that security controls cannot be bypassed or at least such attempts are detected and contained in a timely manner.” Read Full Article
LexisNexis Mealey’s® Litigation Report (Artificial Intelligence): Generative AI In Legal Practice: Technical And Legal Aspects To Consider