Does your small company train your employees to prevent cyber attacks or hackers from getting into your computer system? If not, you should definitely think about doing so. Far too many employees are lackadaisical when it comes to their passwords, and the inconvenience of typing in passwords, or protecting their personal tech devices which are now interfacing with the IT systems in their companies.
The other day there was an excellent blog post by Dan Rowinski posted to Read-Write-Web Online Citizen Journalist News titled; “Employees, Not Hackers, Are the Biggest Threat to Security” published on June 27, 2011. Dan rightfully points out that internal security is paramount and that it is “not always a tech issue, for instance in the article he states:
“While groups like Anonymous and LulzSec use sophisticated hacking methods (like SQL-injections), the greatest threat to security within the government and large corporations does not come from programming vulnerabilities; it is their employees.”
Okay so, he’s right on the money, in fact everyone from the DHS to the top computer security firms point out that it is usually mistakes which are made in the IT department or with employees who have access to the system who do not take security seriously. Either that or they are too naïve to the issues with social engineering. Thus, if you are truly concerned with cyber attacks, viruses, worms, and hackers, then first, you must worry about insider threats.
Not just criminality inside the company or organization, but also “brain farts” or stupid actions by employees who do not seem to take the networks security or data safety seriously. Perhaps they have poor passwords for their personal tech device which can then be accessed via a coffee shop WiFi to gain authentication to a network, once in and once that device is compromised, the hacker now has access and a password to boot.
Thus, able to access from anywhere, a remote location or from another open WiFi system without giving themselves away, or maybe they will jump from one open system to a cloaking ISP in another nation to get in, totally untraceable. How did they do it? Simple, one employee made a mistake, or didn’t think anyone could or would break into their system. Once they did, it was too late.
If one or two employees are occasionally lackadaisical with computer security, you might be able to head off a future problem by discussing this with them. Far too often, it is not just one or two employees, but rather many, many, employees, and each one of their slight security mistakes start adding up until there is a big breach. Indeed I hope you will please consider everything I have discussed in this article, and do something about it.