Employees can often be unaware they are giving out sensitive company information on social media sites, such as Facebook. People are now the weakest link in the security chain. The latest security technology may protect core systems, but it cannot protect against employees giving away information on social networks or using their own, less secure, mobile devices for business purposes.
It is a myth that technology will protect you. Those who attack us have no wish to spend a lot of time and money defeating our technology. They attack the user, which is much easier.
Many people are familiar with dodgy-looking emails purporting to be from a bank and they know not to click on links. The latest threats are much more sophisticated and personal, including "spearphishing", whereby the attacker uses information gleaned from social media to personalize an email to an individual. People are much more likely to open an email that has specific personal information in the header. They may even open innocent-looking attachments or give away further information replying to these emails.
Employees need some basis to understand how and why threats could affect the organization, or target them as individuals. Threats such as social engineering often work because people don't appreciate the value of what they're giving away.
In most organizations, employees remain the weakest link. Whether it is malicious or unintentional, they pose the biggest security risk. An education program which embraces home and business use of security is the most effective, making these policies second nature.
Thursday, May 23, 2013
Subscribe to:
Comments (Atom)