The Weakest Link Is You

On June 21st, 1948, an English machine called the Small Scale Experimental Machine (SSEM) successfully executed the first stored computer program. After the successful test, one pictures the scientists heading out to a pub to celebrate their success, securing their computer and its valuable program by simply locking the door. Securing computer information would never be that easy again.

Today, businesses face a complicated digital world with threats to electronic information from numerous fronts.  Even the smallest of businesses must be connected to the Internet and must communicate seamlessly with their customers and vendors.  This connectivity, coupled with the development of anonymous currencies like Bitcoin, creates a wealth of opportunities for cybercriminals. Or more accurately, opportunities to transfer your wealth to cybercriminals in the form of ransomware payments.  Numerous sources report that cybercriminals collected hundreds of millions of dollars in 2016 by extorting businesses to unlock computer files.  As IT professionals, we combat cybercrime in numerous ways.  We build a chain of security to block various threats.  For example, an email received by one of our clients will likely have been scanned by an email protection service, passed through a firewall, and scanned on access by antivirus and anti-malware programs.   Each link in this security chain will filter out threats so there are very few that reach the final and weakest link in the chain – YOU.

It isn’t just you, of course; it’s people in general, and it isn’t hard to see why. We all need computers at work to execute tasks. It’s not unreasonable to want to transfer electronic files between people, open them, use them and transfer them back. It’s not unreasonable to expect that one can click on a hyperlink in an email to access a shipping confirmation or a web article. We want and need to be capable of these tasks, and our computers must be allowed to do what we tell them to do. That is why cybercriminals exploit these everyday tasks so frequently. It is also why we are the weakest link in the security chain.

Cybercriminals recognize our needs and exploit them in numerous ways. They have become quite sophisticated in embedding their threats in emails, hyperlinks, websites and file attachments. They will even research targets and craft specific attacks against organizations by posing as staff electronically. Users need to be trained to recognize suspicious material and to understand what constitutes risky behavior and what to do when confronted with a threat.

Aldebaran Group has partnered with KnowBe4, a Tampa-based Security Awareness Training (SAT) company, to deliver comprehensive SAT at a fraction of what custom training costs. The instruction includes high-quality web-based interactive training combined with common traps, live demonstration videos, short comprehension tests and scenario-based Danger Zone exercises. The training ensures that employees understand the mechanisms of spam, phishing, spear phishing, malware and social engineering, and are able to apply this knowledge in their day-to-day job. Each "common trap" ends with its own short multiple-choice test, there is a quiz at the end of the training, and trainees get a unique job aid: Social Engineering Red Flags™ with 22 things to watch for. The Training Campaigns do the heavy lifting of getting users through their training, and management can easily monitor employee progress using an online portal. Before the training is deployed, employees can optionally be sent a simulated phish message, allowing management to establish a security preparedness baseline. You may be surprised at how vulnerable your organization is! After the training campaign completes, further phish tests can be sent at random intervals in order to keep employees on their toes.

Aldebaran Group encourages all of its clients to seriously consider a Security Awareness Campaign.

Feedback from clients has been extremely positive. Get in touch today to learn how cost-effective this program is!

Email or call your regular consultant, or email:, visit the Contact Us page on our website: , or call 202-683-6175 x 101 and leave a message for a quick call-back.