Sandbox your employees, advises Trend Micro

Security firm says organisations should give employees a safe and secure environment to learn and make mistakes

Organisations should create safe and secure environments, or sandboxes, for employees to learn and make mistakes, without endangering corporate data.

The hope is that errors that could lead to disastrous data security breaches will be caught before they occur in the normal business environment.

"Sandbox your employees. They're the first and primary vulnerability that will be attacked by anyone. Let them learn and mess up in a safe environment," said Rik Ferguson, vice president of security research at Trend Micro.

Ferguson was referring to the concept of sandboxing in software, where potentially malicious code is allowed to execute in a secure virtual environment so that its intentions can be examined before it is permitted to do anything on the corporate network.

The advice came as part of a broader discussion about security awareness training at Trend Micro CloudSec 2016 in London this month. Ferguson also advised organisations to develop different security messages for different audiences.

"If you approach a tech-savvy audience with a high-level message they'll switch off quickly and lose respect for your organisation, whether that's partners, customers or your own employees. You need to target your education at the correct audience. That's a critical factor for success," he said.

Michael Wignall, national technology officer at Microsoft UK, said at the event that the need for improved security awareness is an opportunity for the industry.

"We've gone on a 40-year journey where security used to be an afterthought but is now built in to everything we do," he said.

"The industry has a responsibility for awareness and education, because the user is still the highest risk factor. Think of it as an opportunity."

Computing will hold its Enterprise Security and Risk Management Summit on 24 November in central London. Attendance is free to qualified end users.

The summit will be followed by the Security Excellence Awards, which is now open for entries from vendors and end users.