In a recent Trend Micro survey of small and mid-sized businesses, 83% of respondents agreed that end-user ignorance was the biggest security threat they faced. So if the problem is ignorance and carelessness, what’s the solution?
We’ve got five to get you started:
1. Where do you think you’re going?
URL filtering can restrict access to legitimate sites that are big distractions (Facebook, for example), but it can also block exposure to unsavoury or outright unsafe websites. This can come in handy when a careless user clicks a link they should have left alone. URL filtering can prevent the computer from accessing a site crawling with viruses, or one that could set up your company for legal liability.
2. Create strong passwords.
An ignorant user will always fall back on the same password for every login—and the password will be a name, a predictable number sequence like “12345,” or even the word “password.”
So write up a policy for creating strong passwords: they should be 8-15 characters long, with embedded numbers and symbols to stop simple attacks that guess passwords. Remember that the best passwords aren’t words; they can be patterns instead. And the passwords should change every few months.
3. Remind them what a real AV solution looks like.
Fake AV pop-ups still bedevil many small-business users. If a person isn’t particularly tech-savvy, and if they’re distracted, they could easily be fooled by a scary warning that suddenly appears on their computer screen.
Make sure employees know what antivirus software your company uses and what it looks like when it updates. Ideally, it will update automatically and not need the user to manually kick off the process. Your staff should know that any prompts to update their security software are likely coming from a phoney source.
4. Put it in writing.
No company is too small to have a formal, written security policy. Make sure your security policy covers software restrictions (which applications can be installed and which ones are prohibited), password creation guidelines, restrictions around personal use and social media, and guidelines for internal and external communications.
It’s a good idea to appoint a security policy manager who other employees can consult if they need help or advice. And, of course, be prepared to enforce your policies.
5. Embrace automation.
No matter how security-conscious your employees may be, chances are they’re paid to do something besides worry about computers all day. Let them do their jobs and don’t make employees the only barrier between your business and a major security breakdown.
Use a managed AV solution like SecureMe2 that automatically pushes updates to onsite and remote machines. Most importantly, it will stop employees from uninstalling the software or stopping security scans.