10 Things Security Experts Wish End Users Knew

Abstract

Cybersecurity is an essential business operation more than ever before. However, without end users improving their knowledge base and behaviors, the technology that an organization deploys is insufficient.

The more users understand about risk and consequence, the more likely they will adjust their behavior and assist with supporting cybersecurity. These concepts are concerns that security experts want you to know.

In this article, I present 10 things cybersecurity experts wish end users knew.

Sample:

Software Updates Should Be Installed Promptly

New is not necessarily secure. However, that does not always mean that new is less secure or that old is more secure.

Security experts want end users to know that software updates should be installed promptly, but not blindly. Just because a vendor released an update does not mean it should be taken as a sign to install the update instantaneously.

The new code you would be adding to your system could be flawed or could cause unexpected results in your system that the vendor did not predict.

Under no circumstances should you install new updates before testing them and learning from others:

Take these steps to maximize cybersecurity:

Always test new updates on dedicated test systems.

Then, work through all major work tasks to ensure that the changes to the lab systems do not interfere.

Next, review any comments, reviews, or feedback available about the update from others.

Once you are satisfied that an update is reasonably safe and appropriate to install, take one more precaution: back up your target systems.

With a system backup, if the worst happens and the update process fails, the update corrupts your system, or new unforeseen consequences arise, you have a path to restore your environment back to a functional state. This capability is known as rollback.

Software updates should be installed promptly; don’t skip testing. Running the most current and complete set of code available will provide you with the most secure form of the product. When updates are delayed or skipped, flaws will remain in your environment, which can be discovered and exploited by attackers.