Tighten the Weakest Link: Why End User Education Should Be Mandatory – No matter how many layers of protection your clients add to their networks and computer systems, there’s one “wild card” vulnerability that isn’t as easy to neutralize. Employees, guests and other people remain the weakest link in cybersecurity.
Businesses can offer up a dizzying array of steps and policies and still not solve the problem. Despite what the more cynical experts suggest, most people are not lazy, but we do tend to favor routine and take shorter routes whenever available. That helps explain why businesses that merely discuss security policies without changing and reinforcing employee behaviors are doomed to fail.
They’ve left their businesses and workforces exposed to rogue elements, phishing schemes, breaches and other cybercrimes. Without implementing an end user training program, their security investments have little to no measurable value. It’s like building an impregnable fence and having someone leave the gate unlocked ‒ or wide open.
As MSPs know, security is not a one-and-done event. Effective protection is a full-team effort that requires collaboration and strict adherence to policy to keep cybercriminals at bay. Of course, that’s still no guarantee.
Education is a Different Animal
Most MSPs are at the top of their game when it comes to technology, but tend to struggle when discussing, selling and delivering less tangible services such as policy development and end-user cybersecurity training. Both require a deep understanding of their clients’ operations, compliance needs and, most importantly, people.
The most challenging part of keeping systems and data safe is the human element. People are unpredictable, often undisciplined, and occasionally ignore the rules their employers and contractors put in place. Some MSPs have a tough time dealing with those non-technical issues.
Not everyone has the patience or skills to conduct training or to work directly with individuals to improve their companies’ cybersecurity defenses. Of course, they don’t have to do it all on their own. Many MSPs recognize their interpersonal limitations and bring in outside talent ‒ IT security training professionals with well-developed curriculums, as well as periodic testing and validation methodologies.
Repeat and Verify
The beauty of education, at least from a channel perspective, is that these services will theoretically last forever. Compliance and technology changes will demand periodic updates and new employees will have to be on-boarded into the program, and experts predict the security training market will increase substantially over the next decade and reach $10 billion by 2027 (Cybersecurity Ventures).
In other words, education is a worthy investment area for channel professionals. The value of everything related to cybersecurity is on the rise, and relatively few businesses have the knowledge and resources they need to protect their systems, data, and people. Demand is sure to grow faster than MSPs can scale their own security and training offerings, which means partnering will become more of a necessity than an option for many providers
Blame the data. While information has always been an organizational asset, few seemed to realize its actual value ‒ until cybercriminals started ransoming it and regulations were passed to protect it. In fact, data is now a top focus for executives and the addition of IoT, Big Data, and business intelligence applications, not to mention increasing compliance requirements, will make them more amenable to new security investments.
Whether MSPs develop their own end-user training curriculum and testing programs or forge alliances with channel-friendly partners, many of their clients are already in search of these educational services. And the rest won’t be far behind.
After all, the weakest link in cybersecurity is a moving target. It takes time to instill best practices in any business, and many of your clients’ employees will never reach that “protection nirvana” needed to keep their company safe. Cybercriminals strengthen and vary their tactics, new technologies and vulnerabilities come into play, and no two end users learn the same way.
Those variables can be a challenge for MSPs and their cybersecurity training partners, but they also present long-term consulting and support opportunities that your clients will value.
Brian Sherman, GetChanneled