Question

what do you think about following paragraph:

You made a good suggestion in the Follow-Up phase related to end users and making sure they use their devices correctly. The best way to accomplish this is by providing them with appropriate data security training. As mentioned in the textbook and in many other classes we have taken so far, most attacks are targeted at end users and not necessarily the technology. It is much easier for a hacker to get a password or some other sensitive data from a person than trying to fool the technology. That's why I believe there should be a heavy focus on providing end users with regular awareness, training and education on various threats and risks they can be exposed to. Many organizations have all sorts of security policies and regulations on paper and yet, their associates have very little knowledge about it. Sometimes, this can be due to policies being too complicated and difficult to understand or simply organizations failing to enforce the compliance.

Answer 1

As most of our important transactions happen over the internet, it poses great risk as our personal data may get exposed to hackers. By various studies it's been found that end users are often the first to compromise security and hence are most vulnerable to be hacked by a hacker to steal their personal information.

The most common way in which a hacker can steal user's data is by Phishing. Phishing is a way to get user's sensitive information by pretending to be someone authorized person. It is usually done by e-mails. This mail appears to come from a recognized authority users need to enter their username and password for confirmation. These emails usually have a link to a page that looks identical to that of original website of the authorized company. Clicking on the link will automatically downloads some kind of Malware into the user's system and hackers may have access to the user's device.

Not only Phishing but there are many other ways in which hackers can enter a user's device as most of our devices such as Smartphones, Laptops etc are connected to the internet all the time.

This is why educating end users about security attacks and protection is a top priority for any company. This includes educating users that they can be targeted, teaching them about what is sensitive data, how to identify and prevent themselves security attacks.

There are many ways in which security awareness training can be given to end users may be through some online courses covering the importance of cyber security. Another way is by physically demonstrating what hackers can achieve from by making cyber attacks on them. Whether or not a company is taking proper security measures for their end users seriously , users themselves must take time to analyse and invest in cyber security to prevent there personal data from being hacked.