I read the Wall Street Journal, and sometimes they write some great articles about network security, among other topics. In a recent article, they discussed the biggest security threat to companies, and it is you.
What do they mean by you? Most large and medium to small businesses have spent time hardening the perimeter of their network. I have helped a number of companies with this process, with next-generation firewalls and standard network hardening best practices. Today most of the criminals are not focused on hacking networks; they are focused on hacking employees.
As most network and security administrators will tell you, end users are the security gap. In the past few years, a majority of security breaches have been related to hackers who gained access by exploiting well-intentioned employees.
I think most are familiar with the security breach at EMC’s RSA security unit, which makes the dual-factor authentication that a majority of banks and Fortune 500 companies use. A hacker sent emails to two small groups of employees, including an Excel spreadsheet titled “2011 Recruitment plan”. The message was convincing enough that an employee retrieved it from the Junk mail folder and then opened it. Once it was opened, a bug allowed the hacker access to sensitive company data and enabled attacks against clients of RSA.
Employees have a greater opportunity to compromise company information. Clicking on emails that contain viruses, from senders we don’t know, bypasses corporate firewall security. (This is why a good web filter should be used, blocking unknown websites if possible, which would prevent this.) Employees also cause other issues by placing consumer-grade online cloud services and devices.
The best way to help mitigate this issue is a good employee education program. Make sure your end users understand that some of what they are doing could cause a major problem for the company they work for.
This is part one of a two-part blog post. In the next post, I will discuss some more security issues that happen when using social media and some ways to help mitigate some of the risk your employees are causing.
The Wall Street Journal Article can be found here.