Human sensors: How encouraging user reporting strengthens security
by Scott Greaux - VP of Product Management and Services, PhishMe - Tuesday, 14 May 2013.
Pitfalls to avoid

Security officers who understand the potential value of user reporting can still be tripped up by making some of the common mistakes that will derail user reporting:
  • Making the process too complicated. By encouraging user reporting, we are asking employees to go beyond their normal job duties, so we need to make the process as simple as possible. The best way to do this is to have one email address for all suspicious emails - don't make users discriminate between spam and phishing - and make that address well-known to all users.
  • Poor communication. Simply put, if users don't know why they should report emails, where to report them, and which emails to report, a program will probably fail. Educating users about the risks malicious emails pose, as well as how user reporting benefits security, will help motivate users to participate.
  • Users should know what to expect when reporting an email. Will someone respond to their report? Likewise, it is crucial to communicate that no one will be punished for reporting that they clicked on something. If employees fear they may lose their job, they will avoid reporting.
  • As we all know, in the event of an incident, a quick response can dramatically limit the damage, so ensuring that employees know there will be no negative consequences for reporting - even if they may have compromised the network - greatly enhances the benefits of user reporting. When employees do report suspicious activity, recognize them publicly for a job well done.
  • Failing to take advantage of technology and staff. A culture of user reporting gives us a bevy of data to analyze - some of it's useful, some of it isn't - and it's important to properly manage the data we receive from the process. If you have a SIEM you should use it to manage the data you receive, and allow the IR team to respond to legitimate incidents.
The ultimate goal should be to make user reporting part of your organization's culture, with IT employees valuing information received from users, and users understanding the important role they can play in security. An organization that has this kind of culture will be able to respond faster and more effectively to emerging threats.
