In a perfect world, employees would have excellent cyber security
habits and never put the company’s network or data at risk. This isn’t a
perfect world, however, and the reality is employees do a lot of things
that mess with a CISO’s on-the-job sanity.
According to a survey commissioned by Sungard Availability Services, IT professionals see security
as a serious threat to the organization, and this is largely due to
employee behavior (or misbehavior). The worst security offense,
according to the 276 IT professionals who responded to the survey, is
carelessness surrounding mobile devices, followed closely by poor
password management. Both issues can easily lead to the type of data
breach that could cost a CISO his or her job. So, that being said, here
are ten surefire ways to mess with your CISO and put your company’s
important information at risk!
1. Leave your laptop in your car. Or forget your smartphone at
the airport security line. Or run for a refill of coffee while your
table sits unattended. Any time you put your device in a situation where
it can be easily stolen, you are putting the corporate network and data
at risk. Unfortunately, too many users don’t deploy the privacy
settings on their devices, so when a device is lost or stolen,
everything on it is readily available to the new “owner.”
2. Share passwords. More than fifty percent of the IT
professionals surveyed for the Sungard Availability Services study said
password sharing was one of their top security concern. There are two
different, but very important, password sharing concerns. First is
sharing a single password among multiple sites or access points. If
someone guesses that password, he will gain access to a lot of bonus
material because of employee laziness. Second is sharing a password with
your co-workers. Edward Snowden was able to gain access to many
unauthorized sites because fellow employees shared their passwords with
him.
3. Use weak or lazy passwords. While passwords aren’t the most
sophisticated security barrier, they are going to continue to be the
first point of authentication for a long time. But too many employees
continue to be lazy when they create passwords, coming up with codes
that are easy to guess. IT professionals would be thrilled if employees
would quit using passwords that rely on consecutive keyboard strokes
(like qwerty or 12345) and would start developing strong passwords that
get changed on a regular basis.
4. Forget to shut the door on the way out. Physical security
doesn’t get enough attention, but IT professionals were very clear about
how much of an issue inadequate building security can be. An unlocked
outside door or not having a way to monitor visitors to the facility can
leave computers, server rooms, networks, and even filing cabinets at
risk of being exposed to the wrong person.
5. Ignore company security programs. This falls on the
shoulders of IT staff and CISOs themselves, but by not enforcing strong
security programs, employees aren’t going to take the steps necessary
toward better security behaviors. So be sure to make it easy on
employees: share quick links to security policies, send lots of
reminders and “how to’s,” and make sure people understand the
information you provide.
6. Take the bait. Phishing scams have been around from the time ordinary people began communicating on the Internet. Despite better awareness of how dangerous a phishing scam can be and repeated reminders of steps to take to make sure attachments and links are legitimate, employees continue to spread malware through the company network because they can’t resist the bait.
6. Take the bait. Phishing scams have been around from the time ordinary people began communicating on the Internet. Despite better awareness of how dangerous a phishing scam can be and repeated reminders of steps to take to make sure attachments and links are legitimate, employees continue to spread malware through the company network because they can’t resist the bait.
7. Engage in anti-social media. Who doesn’t love to waste some time during the day checking Facebook and Twitter TWTR -0.72%
and Pinterest? CISOs don’t love when employees do it because social
media is a hot spot for embedded malware and click bait links that
direct users to dangerous sites. Also, social media users have been
known to put sensitive corporate information on their walls, creating a
security problem.
8. Patch things “later.” Half of IT professionals believe that
out-of-date security patches are a serious security problem, and it is
no wonder why. Patches are issues to fix specific vulnerabilities and
security issues in an operating system or software application, but too
many employees will click the “remind me later” button when prompted to
download the patch.
9. Expose sensitive data for all the world to see. How many of
the most recent high-profile breaches involved the compromise of
unencrypted data? The answer: too many. When employees aren’t utilizing
encryption processes, it puts sensitive data at risk if the network is
hacked. In turn, it causes panic among millions of consumers who find
out that their Social Security numbers and birth dates are suddenly
available for sale on black markets.
10. Exploit shadow IT. Unauthorized use of cloud applications,
software, external hard drives, and mobile devices might make life
easier for the employee, but it can be a nightmare for the CISO who has
to provide security for a multitude of unknown end points.
Source:
forbes.com
This post just reassures the saying "you're only as strong as your weakest link". At the end of the day, we are all human and we make mistakes. Nowadays, the smallest mistakes can be detrimental to companies.
ReplyDeleteFred H | www.amazingsupport.co.uk