Does your small company train your employees to prevent cyber attacks or hackers from getting into your computer system? If not, you should definitely think about doing so. Far too many employees are lackadaisical when it comes to their passwords, and the inconvenience of typing in passwords, or protecting their personal tech devices which are now interfacing with the IT systems in their companies.
The other day there was an excellent blog post by Dan Rowinski posted to Read-Write-Web Online Citizen Journalist News titled; “Employees, Not Hackers, Are the Biggest Threat to Security” published on June 27, 2011. Dan rightfully points out that internal security is paramount and that it is “not always a tech issue, for instance in the article he states:
“While groups like Anonymous and LulzSec use sophisticated hacking methods (like SQL-injections), the greatest threat to security within the government and large corporations does not come from programming vulnerabilities; it is their employees.”
Okay so, he’s right on the money, in fact everyone from the DHS to the top computer security firms point out that it is usually mistakes which are made in the IT department or with employees who have access to the system who do not take security seriously. Either that or they are too ve to the issues with social engineering. Thus, if you are truly concerned with cyber attacks, viruses, worms, and hackers, then first, you must worry about insider threats.
Not just criminality inside the company or organization, but also “brain farts” or stupid actions by employees who do not seem to take the networks security or data safety seriously. Perhaps they have poor passwords for their personal tech device which can then be accessed via a coffee shop WiFi to gain authentication to a network, once in and once …