11 Protecting the people


This chapter covers

  • Comparing different types of company cultures and learning how they impact security
  • Learning how to leverage the three concepts of cybersecurity to build and enhance your own organization’s security culture
  • Learning how to protect against the most common form of attack: ransomware
  • Providing good education and support to end users and using this to create a powerful culture of security

Computers do what we program them to do, but people are unpredictable and fallible. This makes the people in our organizations much better targets than our closely monitored and protected computers and software. But protection isn’t about stopping people from doing things; it’s about educating them, supporting them, and making it easier for them to be more secure when doing their everyday work. Before we go further, you’ll find it helpful to have read chapter 3 (where we talk about the hacker mindset and the different types of hackers) and chapter 5 (where we look at social engineering attacks and how these different types of hackers exploit end users).

11.1 Don’t play the blame game

11.2 MFA

11.3 Protecting from ransomware

11.3.1 Make sure everyone has antimalware software installed

11.3.2 Make it easy to install legitimate software

11.3.3 Backups

11.4 Education and support

11.4.1 Regular email newsletters

11.4.2 Lunchtime talks

11.4.3 Security concierge or security champion

11.4.4 Live exercises

Summary