Let’s be honest, everyone (all of us: you and me) either operates in a naive state or a hyper-aware (possibly overreacting) state at times when danger surrounds us. It’s natural – evolutionary in fact. This applies when it comes to our firms’ technology as well. We get hot and bothered every so often when a breach hits close to home and/or we hear doom and gloom at a conference…but then, we go back to our usual ways.
In the end, if you are going to be more secure, you have to likely change what you are doing. There’s another human thing: we hate change. HATE IT. Security, as I have recently noticed, presents one of the larger changes a firm has to make, but it doesn’t have to be as dramatic as it sounds.
Restrictive Hard to use Locked down Peace of mind Lose your mind
Loose Easy to use Open Worried Freeing
There is a natural yin-yang with security. If you are too secure, it will hinder employees’ ability to be productive (i.e. why some things have to move so slowly in the military, etc.). If you are not secure at all, it will come back to haunt you and will wipe out your gains (think speeding ticket – all the time you save by speeding will eventually be wiped out by getting pulled over…or worse, an accident). It’s a balance you have to strike, however, it’s never been easier to accomplish in a way that has both minimal impact on users while simultaneously being WAY more secure.
Here are the 3 things you need to implement:
We at Xcentric use Duo and love it. It’s super easy and squelches most concerns of your firm’s users working remotely (public wifi) and from computers that are not corporately managed. This is a no brainer. If you use the Xcentric Cloud, it’s a simple user toggle on/off in your preferences.
Threat Protection Email Features
91% of hacks/ransomware/etc. come via email. You need to add a layer of security that is often called “Threat Protection.” Microsoft and Mimecast (amongst others) have their own versions of this product. It’s an easy add to most spam packages and you should consider it. Here is more information on the type of things it protects from.
Employee Annual Security Training
More on that here.