You work in the IT Department for a medium sized company. A non-technical user consistently has their credentials compromised. You have investigated and found no evidence of viruses or other malicious software. What is the BEST option to prevent this from happening again?
Setup safe mode on his computer
Change his file permissions
Provide relevant user training
Enforce a short password expiration
Correct Incorrect Unanswered
Answer Description
No level of security can protect against an inexperienced user. The best option is to provide relevant user training to ensure they are not being socially engineered into providing their network credentials.
Wikipedia
Internet Security Awareness Training (ISAT) is the training given to members of an organization regarding the protection of various information assets of that organization. ISAT is a subset of general security awareness training (SAT).
Even small and medium enterprises are generally recommended to provide such training, but organizations that need to comply with government regulations (e.g., the Gramm–Leach–Bliley Act, the Payment Card Industry Data Security Standard, Health Insurance Portability and Accountability Act, Sarbox) normally require formal ISAT for annually for all employees. Often such training is provided in the form of online courses.
ISAT, also referred to as Security Education, Training, and Awareness (SETA), organizations train and create awareness of information security management within their environment. It is beneficial to organizations when employees are well trained and feel empowered to take important actions to protect themselves and organizational data. The SETA program target must be based on user roles within organizations and for positions that expose the organizations to increased risk levels, specialized courses must be required.
Internet_Security_Awareness_Training - Wikipedia, the free encyclopedia 