Moving Beyond Blaming and Training Users
At the end of this SC Magazine article on phishing, it suggests that employees “do not click on links in the body of emails, be careful about opening email attachments, make sure anti-virus is updated on computers and mobile devices, and mark suspicious emails as spam.” While this is all good advice, it’s nowhere near enough.
The days of asking employees to not click on a link they are sent is like asking a screaming toddler to be please be quiet. You have to put controls in place that prevent employees from tripping over themselves. By employing a browser like Passages and making it the only exit point for your employees to the web, these kinds of threats are stopped dead in their tracks.
The whole “blame and train the end user” method of security is a failure and a cop-out by security engineers. We KNOW that users will make mistakes, and some users will not even try to do the right thing. The system needs to work well and protect them anyway. That is the whole idea behind Passages; it protects users even when they are not protecting themselves.