A recent IT Portal article debunks common cloud security myths, pointing out that users (and your clients) often have an outdated understanding of the risks they face. Top misconceptions included…
- There are more breaches in the cloud.
- Cloud security is simple.
- Users aren't in control of their data.
- Cloud service providers are responsible for its security.
This got us thinking – why is the knowledge gap so wide between you and your clients?
That's more than just a philosophical question. When you talk with clients about security, they might not actually know what's good for them. It's in the best interest of you and your clients to get these things right. Lack of education may lead to an irreversible lapse in data security.
Data Security: It's Not What You Think
IT moves quickly, and your clients' understanding of data security can be years behind. Clients have heard of antivirus software and firewalls (after all, there was that Harrison Ford movie Firewall). Meanwhile, we continue to see headlines like our own post "Symantec Says Antivirus Is Dead. What This Means for Your Clients."
Why do clients hold on to these outdated ideas? Well, there's something appealing about these perimeter defenses because clients…
- Know what they are.
- Can see that they've been installed.
- Feel reassured by the familiarity.
But as you know, perimeter defenses like firewalls and antivirus software haven't been a suitable IT solution for a long time.
Bring Clients Up-to-Speed with Security Show and Tell
While there's always going to be antimalware software, security has evolved to be more holistic. Explain to clients that current approaches to security involve better control of access, employee education, and processes that limit the damage from a security incident.
This "big picture" approach – one that emphasizes training and best practices – can be hard to understand for a client who has no tech background and simply wants a quick fix. Start with the basics and teach your clients about some of their real risk factors:
- Social engineering remains a key way hackers are able to get at data. Criminals can track employee activity, spear phish employees, or use other means to get them to give up their credentials.
- Using three or more social networks increases your risk of identity theft by 73 percent. While employers were pushing employees to be visible "thought leaders" and "influencers" online, it turns out that having three or more social media accounts can open you up to more risk (see Business Insider's write-up). More accounts mean more areas criminals can target you. Social media provides a handy entry point for criminals looking to get information.
- Silly user errors and employee mistakes persist as serious threats. A client's employees may overestimate their security and develop bad online habits that could open the door to cyber criminals looking to sneak into your client's network. For instance, you're twice as likely to get your identity stolen if you use public WiFi, but that doesn't stop many employees from opening up their laptops at Starbucks.
How to Cut Down Social Engineering Attacks
Unfortunately, there's no shortcut here. To reduce their risk of social engineering attacks, your clients will have to invest in better training and security policy. These strategies will take time and effort.
As covered in "The Thrilling Phishing Attempt that Happened to TechInsurance Employee," phishing attacks strike all businesses, even TechInsurance. Though no one at our workplace fell for it, attacks have become more sophisticated. They're better tailored to small businesses and remain incredibly effective – 23 percent of employees click on a phishing email.
To combat these risks, some companies are investing in more significant training, even sending fake phishing attempts to their employees to see who takes the bait. This approach to security is a far cry from simply installing a firewall and calling it a day.
To learn more about security education, check out our Customer Education Packet – a free resource you can share with clients to explain industry best practices.