A recent Wall Street Journal article focuses on an important issue – cyber security, and specifically what puts companies at risk: employee behavior! I would consider this claim common sense. Just like with physical security, one could have the safest fort in the world, but if someone opens a door from inside, you have a problem.
So what are the top “no-no’s” for employees?
- Clicking on phishing links: You’d think that people would know better by now, but this is still an issue. Part of the problem is that scammers have gotten better at this: spell-checkers are everywhere (even here in WordPress!), a lot of company or employee information can be easily found online, and the stakes are bigger. While their targets (us) have wised up, we are also doing so much business via e-mail, frequently while multitasking, that it can be hard to keep your guard up 100% of the time. The trouble is, sometimes it takes just one employee out of thousands making just one mistake to possibly compromise your network and data.
- Over-sharing information: So much information is posted online these days, making it easier to create more targeted social engineering attacks. (OK, now this got me thinking about how much detail I want to post here... hmm…)
- Using personal e-mail accounts: I’m not sure how much of it is that these accounts are inherently less safe (i.e. can be accessed with any equipment from anywhere in the world, with a simple password), versus people just being less careful (i.e. checking e-mail on questionable machines and networks, using less safe passwords, etc.), but the article cites a few notable cases of account hacking.
So, the bottom line is – don’t open the metaphorical door to strangers, or tell them what the secret knock is.