Human sensors: How encouraging user reporting strengthens security
by Scott Greaux - VP of Product Management and Services, PhishMe - Tuesday, 14 May 2013.
Pitfalls to avoid

Security officers who understand the potential value of user reporting can still be tripped up by common mistakes that derail it:
  • Making the process too complicated. By encouraging user reporting, we are asking employees to go beyond their normal job duties, so we need to make the process as simple as possible. The best way to do this is to have one email address for all suspicious emails – don’t make users discriminate between spam and phishing – and make that address well-known to all users.
  • Poor communication. Simply put, if users don’t know why they should report emails, where to report them, and which emails to report, a program will probably fail. Educating users about the risks malicious emails pose, as well as how user reporting benefits security, will help motivate users to participate.
  • Users should know what to expect when reporting an email. Will someone respond to their report? Likewise, communicating that no one will be punished for reporting that they clicked on something is crucial. If employees fear they may lose their job, they will avoid reporting.
  • As we all know, in the event of an incident, a quick response can dramatically limit the damage, so ensuring that employees know there will be no negative consequences for reporting – even if they may have compromised the network – greatly enhances the benefits of user reporting. When employees do report suspicious activity, recognize them publicly for a job well done.
  • Failing to take advantage of technology and staff. A culture of user reporting gives us a bevy of data to analyze – some of it is useful, some of it isn’t – and it’s important to properly manage the data we receive from the process. If you have a SIEM you should use it to manage the data you receive, and allow the IR team to respond to legitimate incidents.
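As an added illustration of the last point (not code from the article or from PhishMe), the following Python example collapses the reports arriving at the single reporting mailbox into one JSON event per reported message, ranked by how many distinct users reported it, ready for SIEM ingestion. The mailbox address, the sample messages and the assumption that users forward the original as an attachment are constructed for this example.

```python
import email, json, re
from email import policy
from email.message import EmailMessage

MAILBOX = "suspicious@example.com"  # assumed single reporting address
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def reported_message(report):
    """Return the attached original (message/rfc822); an inline forward falls back to the report."""
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return report  # inline forwards lose the original headers

def triage(raw_reports):
    """Collapse mailbox reports into one event per reported message, most-reported first."""
    events = {}
    for raw in raw_reports:
        report = email.message_from_string(raw, policy=policy.default)
        orig = reported_message(report)
        body = orig.get_body(preferencelist=("plain", "html"))
        text = body.get_content() if body else ""
        key = str(orig["Message-ID"] or f"{orig['From']}|{orig['Subject']}")
        ev = events.setdefault(key, {
            "message_id": key, "sender": str(orig["From"]), "subject": str(orig["Subject"]),
            "urls": sorted(set(URL_RE.findall(text))), "reporters": set()})
        ev["reporters"].add(str(report["From"]))  # a set, so repeat reports count once
    out = [{**ev, "reporters": sorted(ev["reporters"]), "report_count": len(ev["reporters"])}
           for ev in events.values()]
    return sorted(out, key=lambda e: -e["report_count"])

def _msg(sender, to, subject, body, msgid=None):  # builds constructed sample mail
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, subject
    if msgid:
        m["Message-ID"] = msgid
    m.set_content(body)
    return m

def sample_reports():
    """Constructed input: one spam report, three reports (two users) of one phish."""
    phish = _msg("payroll@payroll-update.example", "staff@example.com", "Action required",
                 "Reset your password at http://payroll-update.example/login\n",
                 "<phish-001@mailer.example>")
    spam = _msg("deals@shop.example", "staff@example.com", "Big sale", "Buy now\n",
                "<spam-042@shop.example>")
    def fwd(reporter, original):
        r = _msg(reporter, MAILBOX, "FW: " + original["Subject"], "Is this legit?\n")
        r.add_attachment(original)  # forward-as-attachment keeps original headers
        return r.as_string()
    return [fwd("carol@example.com", spam), fwd("alice@example.com", phish),
            fwd("bob@example.com", phish), fwd("alice@example.com", phish)]

if __name__ == "__main__":
    for event in triage(sample_reports()):
        print(json.dumps(event))  # one JSON line per event for the SIEM
```

Users are not asked to classify anything here; the report count and extracted URLs give the IR team a starting order for review.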
The ultimate goal should be to make user reporting part of your organization’s culture, with IT employees valuing information received from users, and users understanding the important role they can play in security. An organization that has this kind of culture will be able to respond faster and more effectively to emerging threats.

