WEBVTT

00:00:00.000 --> 00:00:05.877 align:middle line:90%


00:00:05.877 --> 00:00:07.460 align:middle line:84%
In this video, we're
talking about why

00:00:07.460 --> 00:00:09.770 align:middle line:84%
you need to strike a
balance between security

00:00:09.770 --> 00:00:12.430 align:middle line:90%
and ease of use.

00:00:12.430 --> 00:00:14.490 align:middle line:84%
Now, it's always a little
bit of a balancing act

00:00:14.490 --> 00:00:18.180 align:middle line:84%
between securing your
network and your users

00:00:18.180 --> 00:00:21.290 align:middle line:84%
being willing to do
what they need to do.

00:00:21.290 --> 00:00:24.470 align:middle line:84%
Now, on one hand, our users
tend to be our biggest security

00:00:24.470 --> 00:00:25.250 align:middle line:90%
risk.

00:00:25.250 --> 00:00:30.080 align:middle line:84%
Our users are also critical
to any part of any business.

00:00:30.080 --> 00:00:33.500 align:middle line:84%
And our users can also be
one of our biggest assets

00:00:33.500 --> 00:00:36.200 align:middle line:90%
to securing our own network.

00:00:36.200 --> 00:00:38.570 align:middle line:84%
Now, the reason for this
is we have a lot of users.

00:00:38.570 --> 00:00:42.110 align:middle line:84%
Our users tend to outnumber
the IT and security

00:00:42.110 --> 00:00:45.180 align:middle line:90%
personnel on any staff.

00:00:45.180 --> 00:00:47.910 align:middle line:84%
And they also tend
to be the people that

00:00:47.910 --> 00:00:50.280 align:middle line:90%
are being targeted directly.

00:00:50.280 --> 00:00:53.530 align:middle line:84%
If it's not a machine, it's not
a server, it's not a switch,

00:00:53.530 --> 00:00:56.970 align:middle line:84%
it's going to be most likely our
users that are being targeted.

00:00:56.970 --> 00:00:59.150 align:middle line:84%
And this is why
they're so important.

00:00:59.150 --> 00:01:02.000 align:middle line:90%


00:01:02.000 --> 00:01:04.760 align:middle line:84%
Now, the problem if we make
things too restrictive,

00:01:04.760 --> 00:01:07.100 align:middle line:84%
having a draconian
security policy

00:01:07.100 --> 00:01:09.800 align:middle line:84%
will most likely be
met with resistance.

00:01:09.800 --> 00:01:15.320 align:middle line:84%
Things like, well, blocking
everything on the internet,

00:01:15.320 --> 00:01:17.480 align:middle line:84%
having a deny all
and then allowing

00:01:17.480 --> 00:01:19.730 align:middle line:84%
things, that is
probably going to be met

00:01:19.730 --> 00:01:22.470 align:middle line:90%
with a whole lot of backlash.

00:01:22.470 --> 00:01:24.840 align:middle line:84%
Making your security
policies too restrictive

00:01:24.840 --> 00:01:28.750 align:middle line:84%
will most likely cause
employees, that just want

00:01:28.750 --> 00:01:32.530 align:middle line:90%
to do their jobs, very angry.

00:01:32.530 --> 00:01:37.410 align:middle line:84%
Now, making things too difficult
for a user to do their job,

00:01:37.410 --> 00:01:39.280 align:middle line:84%
they're probably going
to start getting mad.

00:01:39.280 --> 00:01:41.040 align:middle line:84%
They're going to
most likely start

00:01:41.040 --> 00:01:43.080 align:middle line:84%
ignoring a lot of
security protocols.

00:01:43.080 --> 00:01:45.930 align:middle line:84%
And they're probably going to
find other ways, creative ways

00:01:45.930 --> 00:01:50.010 align:middle line:84%
around what you just set
up, thus potentially making

00:01:50.010 --> 00:01:52.100 align:middle line:90%
things worse.

00:01:52.100 --> 00:01:54.740 align:middle line:84%
Also, making a security
policy that's too confusing

00:01:54.740 --> 00:01:57.410 align:middle line:84%
will likely result
in no security.

00:01:57.410 --> 00:01:59.510 align:middle line:84%
They're probably going to
ignore it, because they

00:01:59.510 --> 00:02:00.500 align:middle line:90%
don't understand it.

00:02:00.500 --> 00:02:02.150 align:middle line:84%
They don't understand
why it's there.

00:02:02.150 --> 00:02:05.060 align:middle line:84%
Having an easy to follow, simple
to understand security policy

00:02:05.060 --> 00:02:09.979 align:middle line:84%
will be more likely to result in
participation from your users.

00:02:09.979 --> 00:02:12.470 align:middle line:84%
At the end of the day, we
still need a secure network

00:02:12.470 --> 00:02:13.355 align:middle line:90%
and our users.

00:02:13.355 --> 00:02:16.910 align:middle line:90%


00:02:16.910 --> 00:02:19.570 align:middle line:84%
So this is why we need
to strike a balance.

00:02:19.570 --> 00:02:22.240 align:middle line:84%
So create your user accounts
with just enough rights

00:02:22.240 --> 00:02:23.750 align:middle line:90%
to do your job.

00:02:23.750 --> 00:02:25.870 align:middle line:84%
And you may need some
flexibility here.

00:02:25.870 --> 00:02:30.160 align:middle line:84%
Now, say, your
payroll people just

00:02:30.160 --> 00:02:32.800 align:middle line:84%
having them being
able to access, say,

00:02:32.800 --> 00:02:38.410 align:middle line:84%
Excel spreadsheet, the printer,
a Word document, and a web

00:02:38.410 --> 00:02:42.110 align:middle line:84%
portal to whatever
financial system they have,

00:02:42.110 --> 00:02:46.430 align:middle line:84%
while that may technically be
enough for them to do their job

00:02:46.430 --> 00:02:48.800 align:middle line:84%
is most likely going
to be too restrictive.

00:02:48.800 --> 00:02:53.390 align:middle line:84%
So again, you're going to have
to have some flexibility there.

00:02:53.390 --> 00:02:56.630 align:middle line:84%
It's far easier to never
have given a user rights

00:02:56.630 --> 00:02:59.490 align:middle line:84%
to something than
to take it away.

00:02:59.490 --> 00:03:03.630 align:middle line:84%
Again, is if you have, say,
a really open account policy,

00:03:03.630 --> 00:03:06.960 align:middle line:84%
people have admin rights,
so you can add and remove

00:03:06.960 --> 00:03:09.030 align:middle line:84%
modify folders on
the network drive.

00:03:09.030 --> 00:03:11.070 align:middle line:90%
They can add whatever printers.

00:03:11.070 --> 00:03:13.410 align:middle line:84%
They could start installing
a bunch of software

00:03:13.410 --> 00:03:15.270 align:middle line:84%
on their computer
that they want,

00:03:15.270 --> 00:03:18.850 align:middle line:84%
custom browsers, custom
wallpapers, and whatnot.

00:03:18.850 --> 00:03:21.060 align:middle line:84%
And then one day
you take it away.

00:03:21.060 --> 00:03:24.420 align:middle line:84%
You go, well, this is way too
open, I need to lock this down.

00:03:24.420 --> 00:03:26.610 align:middle line:84%
You start locking
down a lot of stuff,

00:03:26.610 --> 00:03:29.370 align:middle line:84%
you're going to get more
backlash from your users.

00:03:29.370 --> 00:03:31.890 align:middle line:84%
Versus if you figure
things out ahead of time.

00:03:31.890 --> 00:03:37.090 align:middle line:84%
Figure out, well, this is
a direction we need to go.

00:03:37.090 --> 00:03:40.512 align:middle line:84%
We need to restrict what
programs they can install.

00:03:40.512 --> 00:03:42.970 align:middle line:84%
We're not going to allow users
to install software anymore.

00:03:42.970 --> 00:03:46.150 align:middle line:84%
If they want something, they
need to fill out this form,

00:03:46.150 --> 00:03:47.620 align:middle line:84%
and then we'll
review it and then

00:03:47.620 --> 00:03:50.680 align:middle line:90%
we can install it for them.

00:03:50.680 --> 00:03:54.160 align:middle line:84%
Having that set up beforehand
is going to be far easier.

00:03:54.160 --> 00:03:57.960 align:middle line:84%
Again, when you take
something away from a user,

00:03:57.960 --> 00:04:00.840 align:middle line:84%
whether they're going to use it
or not or whether they need it

00:04:00.840 --> 00:04:04.420 align:middle line:84%
or not, the perception of
you're taking something away

00:04:04.420 --> 00:04:07.035 align:middle line:84%
from me is going to be pretty
strong with most people.

00:04:07.035 --> 00:04:08.410 align:middle line:84%
And they're not
going to like it.

00:04:08.410 --> 00:04:11.070 align:middle line:84%
Again, it doesn't matter if
they ever used it before.

00:04:11.070 --> 00:04:12.820 align:middle line:84%
The fact that you're
taking something away

00:04:12.820 --> 00:04:16.209 align:middle line:84%
that they used to have tends
to get people really mad.

00:04:16.209 --> 00:04:19.110 align:middle line:90%


00:04:19.110 --> 00:04:20.640 align:middle line:90%
Be fair to your employees.

00:04:20.640 --> 00:04:25.380 align:middle line:84%
At the end of the day, everyone
has a job they need to perform.

00:04:25.380 --> 00:04:30.240 align:middle line:84%
Provide adequate training that
will work for your employees.

00:04:30.240 --> 00:04:33.960 align:middle line:84%
And also, enable a way for
users to report an incident

00:04:33.960 --> 00:04:35.580 align:middle line:90%
or question easily.

00:04:35.580 --> 00:04:39.090 align:middle line:84%
If you make it confusing
or you don't tell people

00:04:39.090 --> 00:04:40.770 align:middle line:84%
how to report
something, they're not

00:04:40.770 --> 00:04:43.770 align:middle line:84%
going to bother reporting the
incident that they run into

00:04:43.770 --> 00:04:47.760 align:middle line:84%
or if they have a
security question.

00:04:47.760 --> 00:04:49.380 align:middle line:84%
Once you find a
balance, it should

00:04:49.380 --> 00:04:53.820 align:middle line:84%
be signed off by management
and to be implemented and made

00:04:53.820 --> 00:04:55.110 align:middle line:90%
a requirement.

00:04:55.110 --> 00:04:58.740 align:middle line:84%
Again, just having your
IT technician come up

00:04:58.740 --> 00:05:02.130 align:middle line:84%
with this brilliant security
plan, training plan,

00:05:02.130 --> 00:05:05.300 align:middle line:84%
and then throwing it out
there, unfortunately,

00:05:05.300 --> 00:05:07.220 align:middle line:84%
is not going to have
any weight behind it.

00:05:07.220 --> 00:05:10.490 align:middle line:84%
It needs to be signed off
by management and management

00:05:10.490 --> 00:05:13.580 align:middle line:84%
integrate it into the
business practices.

00:05:13.580 --> 00:05:16.340 align:middle line:84%
That way you have
accountability,

00:05:16.340 --> 00:05:19.240 align:middle line:84%
and you have some sort
of authority behind it.

00:05:19.240 --> 00:05:22.020 align:middle line:90%


00:05:22.020 --> 00:05:26.140 align:middle line:84%
So wrapping up, your users can
be your biggest security risk.

00:05:26.140 --> 00:05:28.820 align:middle line:84%
They can also be your
biggest security help.

00:05:28.820 --> 00:05:32.650 align:middle line:84%
So make sure you train
them and utilise them.

00:05:32.650 --> 00:05:35.320 align:middle line:84%
There must be a balance struck
between network security

00:05:35.320 --> 00:05:37.970 align:middle line:90%
and workability for your users.

00:05:37.970 --> 00:05:39.960 align:middle line:84%
And trying to keep it
simple and engaging.

00:05:39.960 --> 00:05:43.250 align:middle line:84%
Having an overly
complicated security plan

00:05:43.250 --> 00:05:47.140 align:middle line:84%
will most likely confuse
users, and they're not

00:05:47.140 --> 00:05:48.220 align:middle line:90%
going to use it.

00:05:48.220 --> 00:05:52.445 align:middle line:84%
Try to keep it
simple and engaging.

00:05:52.445 --> 00:05:53.820 align:middle line:84%
So in the next
video, we're going

00:05:53.820 --> 00:05:55.992 align:middle line:84%
to be talking about
employee reporting.

00:05:55.992 --> 00:05:56.950 align:middle line:90%
Thank you for watching.

00:05:56.950 --> 00:05:59.000 align:middle line:90%
I'll see you in the next video.

00:05:59.000 --> 00:06:00.000 align:middle line:90%