Symantec, InfoSec Roll Out New Security Awareness Program
Mobile payments security must, by definition, work in two different directions. Not only must the payment system be secure, but the device on which it runs must also be secure. That’s why recent word from InfoSec Institute should prove particularly welcome not just for mobile payments users, but for mobile and desktop device users as well. The new initiative combines InfoSec’s SecurityIQ platform for security awareness education with Symantec’s Endpoint Protection systems.
With Symantec’s Event-Activated Learning integration, it’s possible to provide education to its end users when it’s most needed. Instead of offering up one big glut of training that will likely be dozed through and easily forgotten, the InfoSec / Symantec offering actually provides education on the spot connected to certain events.
For instance, if an employee was about to click a link and download a file—which is a key element of a spearphishing attack—the system would not only kick in to prevent the action, but it would also automatically engage the spearphishing module to present just why what that employee was about to do is wrong. Not only does this learning system work with Symantec endpoint protection, but also with Trend Micro, Carbon Black, Cisco AMP for Endpoints and several others besides.
It’s a great plan on the surface; by jumping in with education whenever a user tries to do something risky, chances are a lot of risk can be ameliorated or outright removed in many cases. That’s not to say it’s always the right thing to do; downloading files are necessary to ongoing operations in some cases, so by jumping in with the scold every time, chances are it’s going to alienate quite a few users to the point where they might jump ship outright. The idea that a security program could be contributing to increased turnover—and the increasing costs therein—may sound outlandish, but it’s a possibility.
It’s not to say that Symantec and InfoSec don’t have a good idea here, but it might be the kind of thing that might go too far. For mobile payments users, a little extra protection is seldom unwelcome. This particular plan, though, might take a good thing and give users way too much of it.