Time
55 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
So this is the End User Email Security course, and in the previous lesson you have been able to learn how email is used for,
00:11
ah, breaching
00:13
PC security.
00:15
Um, in this lesson,
00:19
you will be learning about who is responsible for end user email security
00:26
and the responsibilities of different people within your company regarding end user email security.
00:34
And why am I saying this? Because
00:37
there is no way that just some group of people can make sure that your email is 100% secure. So it is a thing that a lot
00:48
or
00:49
some parts of the company have to work together in order to create good email security.
00:56
And if you have listened to the first lesson in this course, you understand that this is extremely important because email is one of the most common successful ways to penetrate a company's security. Also, if you're having
01:11
just your own PC, and if you're not working for some kind of corporation or company,
01:17
you should simply learn on how to take care of yourself.
01:23
So
01:26
who has the responsibility for end user email security in a company?
01:30
It's the IT department, because these guys work on a daily basis on making sure that nothing happens.
01:38
Then the IT security department, which is also
01:42
responsible, in fact, if it exists in the company. It's not just the part of IT.
01:48
They are also responsible for defining rules regarding IT security, but also making sure that these rules are upheld. So, execution.
01:57
um,
01:59
There is sometimes conflict, you know, like a turf war between IT and IT security. But if the company is working well, and if everything is designed properly, then there should be no conflict of interest between these two groups.
02:15
Also,
02:16
there is ah need for,
02:21
um, uh, HR to be involved in
02:24
IT security, especially email security, because there are simply some things that the IT department and IT security cannot push to the end users. And there are simply things that these people have to do, um,
02:43
to make sure that everybody in company understands the importance and
02:47
to understand their role in all of that.
02:52
And, of course,
02:53
there is, ah
02:54
responsibility of every user of a PC inside the company, because if,
03:01
um,
03:04
whatever you do with your IT security and IT procedures and rules,
03:12
um,
03:13
you cannot stop attacks on your company. If
03:20
every user is not following the rules, so there have to be some guidelines, and
03:29
everybody has to follow them.
03:35
So, um, let's go to the IT department and IT security departments.
03:43
Their job is to define security policies. So, first of all, for those who don't know what the policies are, policies in IT terms are some kinds of guidelines or rules that have to be pushed to the end user PC. For example,
04:00
one of the policies that has direct impact on security
04:04
is password length, or how frequently you have to change it. So some companies say a password has to be at least eight letters, eight characters long. It has to consist of at least one capital letter, one lowercase letter, one number and one special character,
04:25
for example,
04:26
and, uh, so it has to have at least one of each of these. But because it's, only because it's at least eight letters or characters long, then it has to have more of
04:40
others as well,
04:42
Then, ah, these departments also have to take care of software protection on the end user device, meaning anti-malware software, um, local, the definition of firewalls.
04:56
Uh, then they have to take care of the email filtering service, which is usually done on the server, not, not on an
05:03
individual user's device, end user's device,
05:09
and all the policies that affect end user email security. So,
05:15
for example, what happens if you, for the first time, receive an email from somebody? Is it directly sent to the junk or spam folder?
05:27
And you get a notification that there is something in your spam folder and please check it, is it legit? So, for example, if you're for the first time
05:35
in contact with somebody, they're sending you an email for the first time,
05:40
this can be done through a policy that is
05:44
then upheld,
05:46
Then the other thing that IT and IT security departments have to do is to make sure that all tools and software and operating systems are regularly and timely updated.
06:00
So, the usual procedure for that is that if there is, for example, an update on your operating system,
06:09
it is installed in an isolated environment immediately after it's available.
06:15
Then they check that there are no conflicts with the current software solutions you're using because these things happen so they have to be tested,
06:26
and then if everything is, eh, okay, if everything is working properly, they're immediately pushed to the, to the entire network, to all end user devices.
06:41
Also, the thing that IT and IT security departments are responsible for is to make sure that PCs are protected after service repair. So one of the things that usually happens in this situation is, for example, if you had to replace your motherboard,
06:57
so you have some kind of maintenance contract, and, uh,
07:01
the PC was sent there. There is, of course, ah, some kind of procedure that makes sure that your data on your hard drive
07:11
doesn't leak out. So either IT has kept the hard drive and sent the device without it, or they bound the subcontractor with some clauses in the contract
07:24
that make sure that they are then responsible for leakage of information if it happens.
07:30
But when it comes back, for example, one of the things which is very crucial for IT security is that you have, ah, a BIOS password on your PC. And if,
07:44
if it comes back with a brand new motherboard, there is no BIOS password there. So there has to be a procedure that will detect that the PC doesn't have a BIOS password, or when you receive something from,
07:59
from service, before it's given back to the end user, the service technician has to check certain things, so they have to go through a checklist and make sure that all of these are,
08:11
you know, okay before it's given back to the end user.
08:16
So these are the responsibilities of the IT and IT security department.
08:20
And then we come to the HR department. And this is the most, like, neglected thing regarding IT security, especially end user email security.
08:31
And that is because these people are basically, in most companies, not measured on anything security related,
08:41
but they have to be convinced to invest time and money
08:45
into providing training to the employees,
08:48
uh, which will
08:50
explain to people what is phishing, how the phishing works.
08:56
Um,
08:56
Remember, most of the people working in today's companies have no connection to IT. So they are probably not,
09:07
uh, by definition, knowledgeable about these things. So they have to be first made sure that they know things.
09:16
That they know how phishing can be very dangerous. And then to understand how dangerous it can be if you open a phishing email
09:28
and then to make sure that everybody understands that if they
09:33
with all these trainings and explanations and even testing that can be done in the end of the training,
09:41
they still don't care and they do something like that.
09:46
Then they have to define company policies that can have some people who do these careless things, they suffer the consequences. So
10:00
employees in the company should know that something bad is going to happen to them if they click on the phishing email and the company's then exposed to cyber attack because of that.
10:11
So these are the things that people should also know. Of course, you can never exclude 100% the actions of a disgruntled employee that knows that he's going to be terminated, meaning fired.
10:26
So in these cases, you simply cannot do anything. But then there is a small chance that from the moment they know they're going to leave that they will actually receive a phishing email because these things don't happen on a daily basis. So
10:41
in all these situations, HR should define something like
10:48
the form of punishment, let's say, and with that make sure that every employee in the company understands what's going to happen to them if they
11:01
behave badly.
11:03
And at the end, the responsibilities of the end user
11:09
are
11:11
just to act responsibly.
11:13
It's, ah, it's very simple.
11:15
As an end user, you shouldn't open suspicious emails.
11:20
Even if you opened that email or you have the reading pane in your Outlook and it gets opened automatically, just don't click on the link.
11:31
And when opening the attachment, the recommendation is to first save it to the disk to make sure it's scanned, or maybe IT has the procedure that whenever something is saved to the hard drive,
11:45
it's scanned, and then to open it. So don't just double click on the attachment. I know it's easier. I know it's, ah,
11:52
it's faster, but
11:56
it's ah, it's a thing to
12:00
just don't do it.
12:01
And of course,
12:03
Ah, your password is the key to your house.
12:07
So So you're out the house. Don't give it away.
12:11
It wouldn't be smart
12:15
if you would go, you know, just to the shopping mall and just leave your key with some stranger and then say, OK, I'll come back for it, two,
12:26
two hours later because in the meantime they can. They can make a copy, and if they know where you live, they can enter your house without you knowing when they know you're not there.
12:35
So you in the real life, you don't do these things.
12:39
And people they they have a tendency to
12:43
to make their passwords
12:45
simple or to just give them away, which is something that an end user, as an end user, should never, never do.
12:54
Regardless, if this is your,
12:58
you know, private email or you're self-employed, so you just work for yourself, or you work for a company.
13:07
Just just don't don't do these things.
13:11
So in this video, you have learned about different responsibilities of different departments and different people within the company regarding end user email security.
13:26
You have learned what are the responsibilities of IT and IT security. So they're there to provide the framework in which end user email security can function.
13:37
HR is responsible to make sure that people know about the consequences and to know about the possible ramifications if they don't act responsibly when reading an email.
13:50
And end users should just learn how to behave responsibly regarding security and to do that all the time. So for cybercriminals, it is enough to penetrate your
14:05
security just once and the damage is done.
14:09
So if you do it just once,
14:13
they can achieve their goal.

End User Email Security

This course will give you the basic ideas on the importance of end user email security, how an email is used to breach security, who is responsible for maintaining email security to the adequate level and the things you need to do to reach that goal.

Instructed By

Milan Cetic
IT Security Consultant
Instructor