So how do we protect against you?

I was asked to prepare a presentation on security and during my research, I discovered that a big part of information security is you.

What do I mean by you? The easiest and most profitable way to attack an organization is social engineering, usually in the form of a phishing email. The human instinct to be helpful, and to trust a message that looks like it came from a colleague, makes people very easy to take advantage of.

A perfect example…

RSA, who makes SecurID, was breached last year (2011). Was it a fancy attack? No. A spreadsheet carrying an exploit was emailed to employees, someone opened it, and it installed a backdoor that gave the attackers a foothold on the network. Endpoint protection and outbound filtering can help catch the follow-on activity, but the simplest defense was the human one: not opening an unexpected attachment.

Attackers target you all the time. Think about Facebook and LinkedIn. How much personal information do you put on those sites? Your employer, your job title, your coworkers, the software you work with: an attacker can use all of it to craft a convincing, targeted message against you. If it does not need to be on the Internet, do not put it there.

Some Things you can do to help…

  • End-user training. You cannot expect someone to recognize and prevent this without some sort of training program. (Think of it like this: my 12 year old daughter got a chance to move my car, well she had no training and you can guess what happened. Let's just say the neighbor's house stopped the car and it had a missing driver's mirror, and yes it was my fault and my wife was furious.)
  • Run a phishing exercise against your own users and teach them to be aware. You can hire someone to help or do it yourself. Track who clicks over time so you can see whether the training is working.
  • Train end users never to provide passwords in email or over the phone. No legitimate IT department needs them.
  • Be careful what you share and who you share it with.
  • Do not run on your machine as administrator; use a standard, low-privilege account for day-to-day work so a malicious attachment cannot install a backdoor system-wide.
  • Social media needs to be monitored, and if possible, only allow posting of company information when the job they perform requires it.
  • If the information is sensitive enough, require two-factor authentication, so a phished password alone is not enough to get in.
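
The "do it yourself" phishing exercise above can be run with very little tooling. The following is an added example, not code from the original post: it issues an unguessable tracking token per recipient, composes the simulated lure (left for you to hand to smtplib, so it does not send anything on its own), and scores a landing-page access log to see who clicked. The recipient list, the `training.example.com` landing host, the sender address and the log lines are all constructed for the example.

```python
"""Minimal in-house phishing-awareness exercise (example code, not from the post).

Generates a unique, unguessable tracking token per recipient, builds the
simulated phishing message, and scores a landing-page access log to see who
clicked. Domains, recipients and log lines below are constructed.
"""
import secrets
from email.message import EmailMessage
from urllib.parse import urlparse, parse_qs

# Constructed recipient list; in a real exercise load it from your directory.
RECIPIENTS = ["alice@example.com", "bob@example.com", "carol@example.com"]
LANDING_BASE = "https://training.example.com/landing"  # assumed internal host


def issue_tokens(recipients):
    """Map a random 128-bit token to each recipient.

    A random token (rather than an email address or sequence number) in the
    link keeps one user from guessing or tampering with another's result.
    """
    return {secrets.token_urlsafe(16): r for r in recipients}


def build_message(recipient, token, sender="it-helpdesk@example.com"):
    """Compose the simulated lure. Does not send; hand it to smtplib to deliver."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Action required: password expires today"
    msg.set_content(
        "Your password expires in 4 hours. Confirm your account here:\n"
        f"{LANDING_BASE}?t={token}\n"
    )
    return msg


def token_from_url(url):
    """Extract the tracking token from a landing-page request path or URL."""
    qs = parse_qs(urlparse(url).query)
    return qs.get("t", [None])[0]


def score_clicks(tokens, log_lines):
    """Return {recipient: clicked} from web-server log lines.

    Constructed line format: '<client-ip> "GET <path> HTTP/1.1" <status>'.
    Unknown tokens are ignored so a stray scanner hitting the page does not
    inflate the numbers; malformed lines are skipped.
    """
    clicked = {r: False for r in tokens.values()}
    for line in log_lines:
        try:
            path = line.split('"')[1].split()[1]
        except IndexError:
            continue  # malformed line
        tok = token_from_url(path)
        if tok in tokens:
            clicked[tokens[tok]] = True
    return clicked


def click_rate(clicked):
    """Fraction of recipients who clicked: the number to trend across exercises."""
    if not clicked:
        return 0.0
    return sum(clicked.values()) / len(clicked)


def run_demo():
    """End-to-end run on constructed data: alice and carol click, bob does not."""
    tokens = issue_tokens(RECIPIENTS)
    msgs = [build_message(r, t) for t, r in tokens.items()]
    by_user = {r: t for t, r in tokens.items()}
    log = [  # constructed access log
        f'10.0.0.5 "GET /landing?t={by_user["alice@example.com"]} HTTP/1.1" 200',
        f'10.0.0.9 "GET /landing?t={by_user["carol@example.com"]} HTTP/1.1" 200',
        '10.0.0.77 "GET /landing?t=not-a-real-token HTTP/1.1" 200',
        'garbage line',
    ]
    clicked = score_clicks(tokens, log)
    return msgs, clicked, click_rate(clicked)


if __name__ == "__main__":
    _, who_clicked, rate = run_demo()
    print(who_clicked, f"click rate {rate:.0%}")
```

Get management and HR sign-off before running this against real staff, keep the results for training rather than punishment, and vary the lure between rounds; once people learn the one message, the click rate stops telling you anything.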

