Wednesday, July 6, 2011

PREVENTING THE CON

Posted by OurTech Team | Wednesday, July 6, 2011 | Category: , , , |





A point to include in your security training: Just because a caller or visitor knows
the names of some people in the company, or knows some of the corporate lingo
or procedures, doesn't mean he is who he claims to be. And it definitely doesn't
establish him as anybody authorized to be given internal information, or access to
your computer system or network.
Security training needs to emphasize: When in doubt, verify, verify, verify.
In earlier times, access to information within a company was a mark of rank and
privilege. Workers stoked the furnaces, ran the machines, typed the letters, and
filed the reports. The foreman or boss told them what to do, when, and how. It
was the foreman or boss who knew how many widgets each worker should be
producing on a shift, how many and in what colors and sizes the factory needed
to turn out this week, next week, and by the end of the month.
Workers handled machines and tools and materials, and bosses handled
information. Workers needed only the information specific to their specific jobs.
The picture is a little different today, isn't it? Many factory workers use some
form of computer or computer-driven machine. For a large part of the workforce,
critical information is pushed down to the users' desktops so that they can fulfill
their responsibility to get their work done. In today's environment, almost
everything employees do involves the handling of information.
That's why a company's security policy needs to be distributed enterprise-wide,
regardless of position. Everybody must understand that it's not just the bosses and
executives who have the information that an attacker might be after. Today,
workers at every level, even those who don't use a computer, are liable to be
targeted. The newly hired rep in the customer service group may be just the weak
link that a social engineer breaks to achieve his objective.
Security training and corporate security policies need to strengthen that
link.

Currently have 0 Comments:


Leave a Reply