The Weidenhammer Blog

Cybersecurity Awareness Month – The Human Factor

Posted on: October 26th, 2016 | Category: Business Consulting, Network Security

Since October is Cybersecurity Awareness Month I thought that it’s a perfect time to remind you of the greatest weakness in a typical security plan – your employees.  In today’s times, everyone should be trained on a regular basis so they can be aware and vigilant of potential harm to consistently protect your business.


Just how harmful can one user error be?

One or two clicks can result in the following:

  • Ransomware attacks – Costly and violating which creates a loss of confidence among clients
  • Hacker access to vital workstations or servers – Major potential harm to client information and systems operations.
  • Expensive data breaches
  • Critical System Failure – expensive fixes to get back up and running and a decrease in customer satisfaction.
  • Interruption to your business activities and production


What can you do?

Organizations like yours, should work to develop a robust yet easy-to-manage User Awareness Program.  Often, Security folks focus on the technology – and although the technology is crucial, the human element is often the most overlooked aspect of an effective Security Program. Effective user awareness programs educate users about potential threats within the technology landscape that may directly and/or indirectly affect them, your business, and your clients. Well executed, a User Awareness Program can help develop a baseline of awareness within organizations, allow the business to test their implemented security controls, and provide metrics to leadership to show the level of effectiveness received by solid security programs.


What would users learn?

By implementing a User Awareness Program, employees are trained on how to identify a potential threat and what to do about it.  Users need to be trained on how to be more aware of:

  • Spam
  • Malware
  • Phishing attacks
  • Usage of strong passwords
  • Social Engineering
  • And more


My Recommendation

I highly recommend consulting Certified Information Security Professionals when planning an assessment, penetration tests, or developing a thorough awareness program. These providers can help you make the right choice for your individual needs.

Wendy Larsen

Wendy Larsen

Ms. Larsen is a Security Consultant within the Weidenhammer Consulting Group, possessing over 25 years of experience in information technology, cybersecurity, and system engineering. She performs comprehensive vulnerability assessments, develops cybersecurity awareness initiatives, and assists with implementing appropriate security controls to minimize security risks for customers.