People make mistakes. Knowledge makes the difference.

The human risk factor: Why IT security also means prevention and education

Successful IT security strategies are based on powerful technology. It provides adaptive access controls and protects the identities of your employees, the most important line of defense in the fight against external threats. On top of this, high-performance technology does not disturb employees’ daily routines and thus creates a high level of user acceptance, which is crucial in the efforts to prevent them from using shadow IT.

However, technology can fail if your users make the wrong decisions, be it out of ignorance or oversight. Thus, if one of your employees is curious or gullible, they can become a risk factor and even a crucial weak spot for the safety of your organization. In order to avoid this, you must turn your employees into cybersecurity experts.

The user as a security risk - and what you can do about it


Identity theft is one of the most common sources of successful cyberattacks. To better protect identities and credentials, you should rely on tools such as Azure Active Directory and conditional access. These help you to manage user identities and create information-based policies to protect your resources from unauthorized access. With modern login methods such as Windows Hello, you can also easily replace insecure passwords - for example through face recognition, fingerprint scanner or PIN.


If unsecured laptops or smartphones - whether accidentally lost or stolen - fall into the wrong hands, internal information is quickly out of your control. That's why you need to fully protect your employees' personal and private devices and, if the worst happens, be able to remotely wipe data from them. With Microsoft Intune, you can introduce flexible controls for managing mobile devices and apps, so your business data, email, and other corporate resources are always protected. For example, Unified Endpoint Management, a feature of Intune, ensures that existing data does not fall into the wrong hands even if a device is lost or stolen. The special advantage: With Intune you can manage and secure all devices - regardless of form factor and operating system, Android and iOS included - via a central administration console. This saves you money, because thanks to the comprehensive administration, any existing MDM (Mobile Device Management) systems that you previously needed to secure iOS and Android-based devices can be easily replaced. An additional level of security is provided by Mobile Application Management (MAM) with Intune App Protection, because your administrators can define application-based compliance settings, for example for Office 365 apps.


There is only limited protection against individual employees who purposely undermine your security measures. But in most security incidents, a lack of awareness of the problem and thoughtless action are the causes. This is where training and education can be effective, because knowledge makes the difference! Plus, create a secure environment with technology tools so files and information can only be shared with authorized people - for example, with Azure Information Protection. Another lever you can use concerns access rights: Use Azure Active Directory to ensure the right people access the right resources, and use risk-based conditional access to check whether logon attempts are 'logical' or whether they may be indicative of compromised login information.


Hardware, software, and cloud services used by individual employees under the radar of your IT department pose a serious security risk. Therefore, educate your users about the problems that go hand in hand with using unauthorized apps and services. To uncover and mitigate the use of shadow IT, Microsoft Cloud App Security is a solution that gives you more visibility and control over your infrastructure while increasing protection against threats. In Cloud App Security, simply set up notifications and alerts that inform you about abnormal behavior, such as illogical logon attempts, unusual administrator activity, large download volumes, or decommissioned user accounts. It is a sensible complement to the Microsoft 365 Security and Compliance Center, which provides you with practical tips and recommendations to react faster in critical incidents and ward off any possible damage.

IT security is not a question of goodwill, it's a necessity. Therefore, organizations need to explain the reasons for actions to their staff and point out the consequences of taking security issues too lightly. Make sure your employees are aware of the risks and act on their own responsibility.

Important tips on how to turn your employees and users into security experts


Whether you’re in the process of training new employees or working with the rest of your workforce, make sure to focus on educating them in order to prevent them from making the typical security mistakes.


Raise awareness among your users of the risks associated with using unauthorized apps and services.

Establish binding best practices and easy-to-understand policies. Foster open dialogue and get the executive branch on board.

Implementing solid IT security is not a choice, but a necessity. Organizations need to educate their staff on the company’s security policies and help them understand the consequences of not taking appropriate steps when dealing with security risks. The list of consequences derived from cyber-attacks goes on and on, from downtime caused by business interruption to lost revenue and damage to the company image. Make sure your employees are aware of those risks so they act responsibly.

Reading tips and further resources

Counteract peopleware with SAM

Combat rogue devices and weak passwords with Software Asset Management.

Learn from others

Learn from other organisations using SAM for IT management.

Microsoft solution for IT security

Microsoft 365

A comprehensive, intelligent solution that combines the best of Office 365, Windows 10 and Enterprise Mobility + Security, empowering everyone to be creative and work together, securely.

Enterprise Mobility + Security

Keep pace with today’s security challenges. Identity-driven innovations help you stay secure and productive on your favorite apps and devices.

Windows 10 Enterprise

Windows 10 Enterprise addresses the needs of large and medium-size organizations, providing IT professionals with comprehensive device and app management.

Azure Information Protection

Better protect your sensitive information. Control and help secure email, documents and sensitive data that you share outside your company.
