Paraphrasing a line from Jessica Rabbit from the movie Roger Rabbit seems the appropriate comment on Geoffrey A. Fowler’s article “What’s a Company’s Biggest Security Risk? You.” Hence the headline: Employees Are Not Evil – They Are Just Drawn That Way. It is critical that employers be diligent in training their employees in online safety.
When your employees are online, they are opening the door to danger, be it opening phishing email attachments, writing passwords on sticky notes, plugging in USB drives found in the parking lot, using personal devices to access the company’s network, or hundreds of other social engineering attacks. Data is the new currency of the internet age, and if it has value, there will always be someone wanting to steal it.
So what are the thieves after? Well, that all depends on who they are. Some attacks come from thieves who want your customers’ credit card numbers, Social Security numbers, insurance numbers or anything else that allows them to purchase goods or services under someone else’s name. It can be competitors who want a company’s designs or trade secrets so as to reduce their R&D costs. Maybe it’s a group of watchdog vigilantes that wants to promote a political agenda. Foreign governments, organized crime, etc., are all out there. And as more businesses start moving to the cloud, security will be even more important.
Stopping these attacks is as realistic as stopping burglars, pickpockets or snatch ‘n’ grab thieves. It’s not the method but the value placed on the goods. What can be done is to put in enough barriers and hurdles to make thieves look for easier prey.
Here are some key things to do:
- Educate employees on security. It is through ignorance that they become unknowing co-conspirators to a crime. Spear phishing, phone calls, dumpster diving, sticky notes and pages left on printers are just a few of the topics that employees need to be made aware of.
- Don’t include all your personal information when filling in social media profiles. Facebook has repeatedly shown us that privacy is not an important consideration. But what is also happening is that some of the questions asked in social network profiles are the same questions your bank asks to verify your identity. Ever been asked by your online bank account what high school you attended or what town you got married in? Of course you have! Now take a look at your Facebook page and see if you can answer those questions from the friendly and innocuous-seeming posts that you share with your family and friends. And the Facebook user’s info pages can be a goldmine for thieves.
- Ban personal devices from accessing the company network. Because individuals don’t have the security know-how and tools to protect their own computers, why would a company want these weak links to infect the network?
- Be very careful of the cloud. While in-house IT savings may seem attractive, many of these cloud suppliers have data stored on shared drives, the servers are located outside the US where our laws don’t apply, and they are high-profile targets for hackers.
- Secure the back end with anti-virus, anti-malware, firewall, and all that stuff. But don’t forget disk encryption and challenge-response functions.
- Secure the “virtual” front door with a 2- or 3-factor authentication token. For example, a smartcard password manager like Power LogOn allows for complex passwords, passwords don’t have to be remembered or typed, no passwords are stored on any computers and IT has complete control in managing the security. Security for IT and convenience for the employee.
Security is becoming more important, and now we are hearing that CEOs and boards of directors of large companies are finally raising computer security to the forefront. It’s about time.
Dovell Bonnett, Founder & CEO
27762 Antonio Pkwy, L1-461
Ladera Ranch, CA 92694