Much of the information in this blog has been devoted to alerting businesses and individuals to the pitfalls of insider threats: those individuals who were employed to work for you but have decided to take your information with them as they parlay it into a new position at a competitor, or hang out their own shingle.
What has been discussed much less is the likelihood of insiders unwittingly leaking information. The chance of this happening seems to become greater every day. Oftentimes it’s in the form of a bogus email from your “Boss” asking you to send a wire transfer, but it’s just as applicable to intellectual property. You see, most of us have become so enamored with the latest and greatest features, as well as our “must capture all business” and be uber-responsive mentality, that we let our guard down. We’re not as vigilant about ensuring that our interactions with the outside world are done safely or, what’s more, with some bit of scrutiny.
Quite frankly, as has been said before, the days of using a computer or computing device for a company and thinking that security is not your job are over. I wish everyone would realize that. I think security training is a major weakness in today’s small to mid-size organizations. Either folks think their antivirus software is going to protect them or they are just not aware. (Antivirus, by the way, is generally behind in catching things. With a few exceptions, how do you think the antivirus company knows to look for a virus? Someone generally has to get it first before they know to look for it.) As with most things, it’s probably a blend of both, plus even more reasons that are not really relevant here.
The general mentality of “It’s not my job” is still pervasive. More training is needed to get people to pause before they open, or even worse engage with, a suspect email. And not the “here’s some stuff to look for” email, but the teaching of common sense, or a reset of common sense, as it relates to using a connected computer. Yes, I’ve heard common sense isn’t the commonest sense, but people need some sort of skepticism button when it comes to trusting everything they come across on the computer.
There ARE bad people out there who are looking for unwitting victims. At the risk of being the boy who cried wolf, people need to have a bit of this implanted into their minds when it comes to interacting with the outside world. How do you do this? Generally such training is not fun; I see that. It’s not as enjoyable as scrolling through Facebook and commenting on your friends’ posts (which just helps others build a profile on you to target you as a consumer, but I digress). Still, there needs to be more emphasis on making this healthy skepticism more “sticky” with folks.
Until businesses, and to some extent IT (which in a small business has a good chance of being outsourced), place more focus on this area, it will continue to have a major impact on everyone. I say to some extent IT because businesses need to be asking for, if not demanding, that this critical training be a part of their IT program, ESPECIALLY if their support is from a vendor. Don’t forget, the Target network compromise several years back was due to a security issue with their HVAC vendor. Your network is only as strong as your weakest vendor that interacts with it, and your IT vendor certainly interacts with it. This means they should be setting the standard, and a high standard at that. So, invest in some training with your folks and teach them to be on the lookout for things that don’t look right…just like your receptionist does. And just like spam email, we’re still getting this junk because people are responding to it! Stop the madness!